Cyber Incident Victim: Canton of Nidwalden
Date: Jun 2023
Location: Switzerland
Summary
The Canton of Nidwalden experienced a cyberattack attributed to the NoName hacker collective, which targeted systems belonging to the canton and several municipalities. The incident caused temporary disruptions, making some websites unavailable and prompting their precautionary removal from the internet. The administration also received threats via various channels, though no evidence suggested these were credible. The attack was characterized as an attempt to overload systems and restrict availability, with no indication of any data theft occurring.
Description
On or around June 16, 2023, the Canton of Nidwalden in Switzerland reported a cyberattack. The incident was publicly disclosed by the State Chancellery. The hacker collective known as "NoName" was suspected of being behind the attack. The attack targeted parts of the systems belonging to the canton itself and also affected systems of some associated municipalities. The primary impact was on the availability of web services. During the morning of the attack, several websites were temporarily unreachable. In response, the canton temporarily took a number of its web pages offline as a precautionary measure to contain the disruption and prevent further availability issues.

Beyond the technical disruption to website availability, the administration also received threats through various communication channels. The nature and specific content of these threats were not detailed in the public announcement. The State Chancellery communicated that there were no initial indications that these threats were credible. Upon receipt of these threats, the Canton of Nidwalden immediately informed its cantonal police force. The involvement of law enforcement signifies the seriousness with which the administrative body treated the combination of a cyberattack and accompanying threatening communications.

According to the technical assessment provided by the State Chancellery, this type of hacker attack typically aims to overwhelm websites and web applications with a high volume of targeted requests. This technique is consistent with a Distributed Denial of Service (DDoS) attack, which is designed to render online services unavailable to their intended users by saturating them with traffic. The authorities explicitly stated that such attacks do not involve data theft, indicating their assessment was that the incident's objective was disruption and intimidation rather than infiltration or data exfiltration. The confirmation that no data theft occurred was a key point in the official communication regarding the scope and impact of the event.

The incident occurred in a broader context of heightened cybersecurity alertness within Swiss governmental IT systems. Earlier in the same week, the IT systems of the Swiss federal administration had themselves been targeted by hackers. This prior event on a national level had prompted increased vigilance. The Informatics Performance Center (ILZ) Obwalden/Nidwalden, which is the entity responsible for managing the IT infrastructure for both the Canton of Nidwalden and its municipalities, had taken proactive steps following the federal attack. After the attack on the federal administration became known, the ILZ intensified its system monitoring and reinforced its security measures in anticipation of potential follow-on or copycat incidents.

This prior strengthening of security postures is cited as a direct factor in mitigating the effects of the attack on the canton. The State Chancellery reported that because the ILZ had already enhanced its defensive capabilities, the overall impacts of the "NoName" attack on June 16 were minor. The German term "geringfügig" (slight) was used to characterize the severity of the consequences. The primary impact remained the temporary unavailability of certain websites, with no reported compromise of internal systems or sensitive data. The response actions, including taking systems offline preemptively, were effective in limiting the operational damage and restoring services. The incident was handled through existing protocols involving the internal IT service provider and law enforcement, with public communication used to disclose the event and reassure stakeholders regarding the limited data impact.
