Menu
Browse

Cyber Incident Victim: Swiss Federal Government

Date:

Jan 2024

Location:

Switzerland

Summary

The Swiss Federal Government experienced a cyberattack attributed to the Russian-aligned group NoName057(16) following Ukrainian President Selenskyj's visit and participation in the World Economic Forum. The attackers employed DDoS techniques, temporarily disrupting access to multiple government department websites and affecting private entities, including public transport operators and hotels, though core systems like the Federal Council portal remained operational. The administration's cybersecurity agency had anticipated the attack, warned critical infrastructure operators in advance, and mitigated the incident by the same afternoon. No data breaches occurred, and services were restored promptly. The group claimed the attack was retaliation for Switzerland hosting Selenskyj, aiming to generate media attention to propagate their ideology.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

On January 17, 2024, following Ukrainian President Volodymyr Selenskyj's in-person meetings with Swiss government officials in Bern and his appearance at the World Economic Forum (WEF) in Davos, the Swiss Federal Administration experienced a distributed denial-of-service (DDoS) attack attributed to the Russian-aligned group "NoName057(16)". The attack commenced before 08:00 local time, targeting multiple federal government websites, including those of federal departments and subordinate offices, though the Federal Council's portal remained unaffected. Attackers flooded servers with automated requests, causing intermittent outages across multiple sites, with downtime durations varying by system. The Federal Office for Cybersecurity (Bacs) detected the incident rapidly, having anticipated retaliatory actions due to Selenskyj's diplomatic engagements. By afternoon, all services were restored. Concurrently, the same threat group launched indiscriminate DDoS attacks against Swiss private entities, including Graubünden hotels and Geneva Airport's public website, which temporarily redirected visitors to its mobile app. Rhätische Bahn (RhB), a railway operator, confirmed an attack on its systems but noted the federal government had provided advance warning, enabling preparedness measures.

Cyber Incident Image

Bacs attributed the campaign to NoName057(16), a group historically active since at least June 2023, when it targeted Swiss infrastructure during Selenskyj's virtual address to parliament. The attackers publicly justified the January attack as retaliation for Switzerland hosting Selenskyj at WEF, aligning with their pattern of exploiting high-profile geopolitical events for visibility. Bacs characterized the group's primary objective as gaining media attention to propagate pro-Russian ideology rather than data theft or persistent disruption. Prior to the incident, Bacs had issued warnings to critical infrastructure operators the preceding week, urging enhanced protective measures, and maintained coordination with domestic and international partners throughout the event. Operational continuity was preserved at key facilities like the WEF's House of Switzerland. Impact analysis confirmed no data exfiltration occurred, consistent with the group's typical DDoS tactics. Federal systems resumed normal function within hours, though the attacks highlighted persistent vulnerabilities in public-facing digital infrastructure during periods of heightened geopolitical tension.

Sources
Sources available to members
1 source