Date: May 2023

Location: Switzerland

Summary

A Swiss government IT supplier suffered a ransomware attack by the Play gang, leading to the theft and subsequent leak of potentially sensitive operational and administrative data, with investigations ongoing to determine the full scope. Concurrently, pro-Russian hacktivist group NoName conducted DDoS attacks against federal online services, causing temporary inaccessibility of websites and applications, which followed similar disruptions targeting parliamentary systems amid geopolitical debates. Specialists responded promptly to mitigate the denial-of-service incidents while assessing potential data exposure from the earlier breach.


Description

In late May 2023, Swiss technology provider Xplain suffered a ransomware attack by the Play cybercrime group, compromising data belonging to multiple Swiss government entities. The breach occurred on May 23 when attackers infiltrated Xplain's systems, exfiltrating documents containing confidential government information, financial records, and tax details. Xplain provided software solutions to various federal departments, administrative units, and military forces, creating broad exposure. After failed ransom negotiations, Play published the entire stolen dataset on June 1 via their leak site. Initial Swiss government assessments downplayed operational data exposure, but subsequent investigations revealed federal administrative data was likely compromised. Authorities initiated forensic analysis to identify affected agencies and data categories, acknowledging the potential sensitivity of leaked materials. No data recovery or ransom payment details were disclosed regarding Xplain's breach response.


Separately, on June 12, 2023, the pro-Russian hacktivist group NoName launched distributed denial-of-service (DDoS) attacks against Swiss federal digital infrastructure, disrupting access to government websites and online services. This followed the group's earlier attack on the parliament website during debates about Swiss neutrality regarding aid to Ukraine. Federal specialists detected the volumetric attacks in real time and implemented mitigation measures to restore service availability. The attacks coincided with the government's ongoing data breach disclosures, though no direct link between Play and NoName was established. Operational disruptions affected multiple agencies simultaneously, requiring coordinated response efforts across federal IT teams. The Swiss government maintained public advisories about both incidents while continuing to investigate the full scope and validity of the ransomware data exposure.
