Cyber Incident Victim: BKW Building Solutions Group
Date: Apr 2024
Location: Switzerland
Summary
A ransomware attack targeted legacy IT systems of Swisspro, a subsidiary of BKW Building Solutions Group, though current operational environments across the organization remained unaffected, allowing continued customer service delivery. A taskforce isolated compromised systems, enforced password changes, and notified authorities while monitoring infrastructure for anomalies; ongoing analysis aims to determine potential data exfiltration, with no evidence of attacks spreading to customer systems or other affiliated entities.
Description
In early April 2024, Swisspro companies under the BKW Building Solutions Group became targets of a cyberattack confirmed by the company to inside-it.ch. The attack involved ransomware discovered on Swisspro's legacy IT infrastructure, though the current operational IT environments of Swisspro and other BKW Group entities remained unaffected. Despite the incident, Swisspro maintained its ability to deliver customer services without interruption. The affected Swisspro entities—Alphatrust, Ngworx, and Swisspro Solutions—had been consolidated under UMB during BKW's 2022 merger. Authorities were promptly notified following the attack's detection, and BKW established a dedicated taskforce to assess the breach's full scope and mitigate potential impacts.

The taskforce implemented immediate containment measures, including isolating compromised systems and enforcing password changes across relevant accounts. BKW confirmed all its systems continued normal operations with ongoing infrastructure monitoring for anomalies. No evidence indicated lateral attacks against customer systems, BKW Building Solutions, UMB, or other BKW subsidiaries. The investigation remained active to determine whether data exfiltration occurred, with no conclusive findings disclosed at the time of reporting. BKW's media office emphasized these measures ensured operational continuity while containing the incident to Swisspro's deprecated IT assets.
