
Switzerland’s cybersecurity experts still can’t Xplain how federal documents made it to the dark web


Though a ransomware attack on Xplain, a Swiss software developer contracted by the country’s federal government, became known almost as it happened in late May 2023, a new report from the country’s National Cyber Security Centre (NCSC) has shed additional, disconcerting light on the extent of the incident.

Per that report (via BleepingComputer), the NCSC believes that 1.3 million files were released by the threat actor, a ransomware group known as Play, in a package on the dark web.

65,000 of these files are considered ‘relevant’ to the Swiss government, with the vast majority (47,413) of these belonging directly to Xplain. 

Xplain ransomware attack

The NCSC also wrote about the challenges involved in determining file ownership and the specific nature of each compromised file. It did, however, reveal that the data included employee data and passwords vulnerable to identity theft, technical specifications, and unspecified ‘classified information’, and that it had determined how many files belonged to each of these categories.

Xplain, which describes itself as a ‘homeland security’ company, updated its own evolving statement on the attack in the wake of the report on February 8. It claims that, following the attack, it filed a criminal complaint, and ‘rebuilt [its] entire IT infrastructure’ in line with the NCSC’s recommendations. 

Despite this, Xplain maintains that it’s still unclear as to how the attack was made possible, noting that ransomware groups often use undisclosed vulnerabilities to gain unauthorized access to computer systems.

Most importantly of all, the company reports that it has not been significantly harmed financially by the event, which it attributed to its ‘diversified, long-term business model’ (which we think is business-speak for ‘fingers in many pies’) and ‘the benefits from indemnity insurance’.

All’s well that seems to end well, then, but as there’s plenty that we don’t know about how the breach was committed, this may not be the last that we hear about the incident.
