
Cyber Incident Victim: Swiss Federal Government

Date: Jan 2025

Location: Switzerland

Summary

A pro-Russian hacker group known as NoName057(16) conducted distributed denial-of-service (DDoS) attacks against Swiss financial institutions and municipalities, causing website outages. The attacks targeted Zürcher Kantonalbank, Waadtländer Kantonalbank, and multiple communities including Luzern, Adligenswil, Kriens, and Ebikon, overwhelming their online infrastructure with traffic to disrupt public access. The group publicly claimed responsibility on the social media platform X, stating the attacks were politically motivated retaliation against Switzerland's support for Ukraine. NoName057(16) has persistently targeted countries perceived as hostile to Russia since emerging in 2022, focusing on critical infrastructure through coordinated network disruptions without data exfiltration.


Description

On January 21, 2025, multiple Swiss websites experienced widespread disruptions due to distributed denial-of-service (DDoS) attacks attributed to the pro-Russian hacker group NoName057(16). The attacks primarily targeted financial institutions and municipal government portals, with Zürcher Kantonalbank and Waadtländer Kantonalbank confirming service outages affecting their public-facing websites. Several municipalities—including Luzern, Adligenswil, Kriens, and Ebikon—also reported inaccessible digital services during the incident. NoName057(16) publicly claimed responsibility through a post on the social media platform X, explicitly stating their intent to "test the resilience of Swiss internet infrastructure" while listing the affected entities. The group characterized the attacks as retaliation against Switzerland's political alignment with Ukraine amid the ongoing conflict with Russia, consistent with their established pattern of targeting nations perceived as hostile to Russian interests. Technical analysis confirmed the attacks employed standard DDoS methodology, overwhelming servers with artificially inflated traffic volumes to render services unavailable to legitimate users. No data breaches or system infiltrations occurred, as DDoS attacks exclusively disrupt availability rather than compromise confidentiality. Service restoration timelines varied across entities, though most reported full recovery within hours of mitigation efforts. The incident marked Switzerland's latest encounter with this threat actor, following similar disruptions to banking and government infrastructure throughout 2024.

NoName057(16) has conducted cyber operations since 2022, specializing in politically motivated DDoS campaigns against European nations supporting Ukraine. Their operational model relies on a decentralized network of anonymous participants coordinating attacks through platforms like Telegram and X. The group explicitly designates targets based on geopolitical criteria, prioritizing countries like Germany, Poland, the Baltic states, and Switzerland that provide military or economic aid to Ukraine. Historical targeting patterns show consistent focus on disrupting public-facing websites of financial institutions, municipal governments, and critical infrastructure operators. While the January 21 attacks exclusively impacted website availability, the group has previously expanded operations to include defacement and propaganda dissemination during incidents in other nations. Swiss authorities have not disclosed specific defensive measures implemented during this incident, though standard DDoS mitigation protocols typically involve traffic filtering, rate limiting, and collaboration with internet service providers. The persistent nature of these attacks reflects NoName057(16)'s continued capacity to mobilize resources against Swiss digital infrastructure despite increased cybersecurity awareness following prior incidents. Financial institutions reiterated their contingency plans for service continuity during such disruptions, though customer access remained intermittently affected during peak attack periods.
