Cyber Incident Victim: Swiss Federal Government

Date: Mar 2023

Location: Switzerland

Summary

A cyberattack targeted the IT service provider Infolog, impacting its clients, which included municipalities, SMEs, and automotive industry companies. All of the provider's systems were taken offline for three days as technicians worked to restore services. The company stated that no data was extracted by the hackers, a claim echoed in a separate but similar incident involving another provider whose client, a nursing home, had its data encrypted. While a ransom demand was confirmed in the second case, it remains unclear if it was paid.

Description

On or around March 27, 2023, a cyberattack targeted an IT service provider whose clients included a Lausanne-based nursing home (EMS). The attackers successfully encrypted the client data. This incident caused significant operational disruption for the EMS, which did not return to normal operations until the beginning of the following week. The primary fear for the affected nursing home was that its sensitive data had been exfiltrated and leaked on the darknet. However, an audit conducted by cybersecurity specialists provided assurance that no data had been extracted from the systems. The investigation concluded that the hackers' sole objective was to paralyze the systems through encryption. A ransom demand was made by the attackers, but it remains unknown whether the IT service provider ultimately paid the ransom or if they managed to restore systems independently.

In a separate but related incident, the Vaud-based IT company Infolog was victimized by a hacking incident during the night of Monday to Tuesday the following week. Upon discovering the breach on Tuesday morning, Infolog immediately took all of its clients' systems offline. The company's technicians worked around the clock for three days, restoring full service by Thursday evening. Infolog's client base, which included municipalities, small-to-medium enterprises (PMEs), automotive industry companies, and industrial service providers, was impacted by this cascade failure. The company stated that no data was extracted by the hackers and that nothing had been exfiltrated from their network. They reported the incident to both cantonal police and federal authorities, though the Vaud police confirmed no formal complaint had been filed. Infolog acknowledged that a member of their staff had contact with the hackers but did not disclose the nature of that exchange. The company highlighted the severe challenge of recovering from such an attack, noting that for a typical PME, it could result in months of lost work or even immediate bankruptcy, whereas their own technical expertise and secure system backups allowed for a relatively swift resolution.
