Cyber Incident Victim: Ascom
Date:
Mar 2025
Location:
Switzerland
Summary
Ascom disclosedthat a cyber‑attack compromised its technical ticketing system while other IT and customer systems remained unaffected and business operations continued normally. The company said the Hellcat ransomware gang claimed responsibility on X, prompting an immediate investigation by its IT cybersecurity team, which shut down the ticketing system to contain the breach. Authorities have been notified and the investigation is ongoing to determine the full scope of the incident, with the company maintaining close communication with customers and partners and stating that no preventive action is required from them.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On 16 March 2025, a cyber-attack targeted Ascom’s technical ticketing system. The attack resulted in the compromise of that specific system. No other IT systems belonging to Ascom were affected by the incident. Customer systems operated by Ascom also remained unaffected. Ascom’s overall business operations continued to be fully operational as usual. Immediately following the detection, Ascom initiated investigations into the criminal offense. The investigations are being conducted in cooperation with the relevant authorities. Ascom’s internal IT Cybersecurity Team is leading the investigative effort.
A group identifying itself as the Hellcat ransomware gang announced on the social media platform X that it had breached Ascom’s IT infrastructure. In response to the announcement, Ascom’s IT Cybersecurity Team promptly closed the compromised ticketing system. Determining the full scope and extent of the attack remains an ongoing part of the investigation. Ascom has confirmed that no additional IT systems or customer systems have been impacted. The company reiterated that its business remains fully operational as usual. Ascom stated that no preventive action is currently required from its customers or partners. To maintain transparency, Ascom keeps close contact with its customers and partners through its regional leadership. The company will continue to inform those stakeholders of any developments in the investigation. Media or other interested parties may direct questions to the address [email protected].