Cyber Incident Victim: Swiss People's Party
Date: Mar 2016
Location: Switzerland
Summary
Hackers identifying as NSHC breached Switzerland's largest political party, stealing personal data including names and email addresses of over 50,000 supporters while claiming to expose cybersecurity vulnerabilities. The group also conducted DDoS attacks against Swiss online retailers and temporarily disrupted the national railways' website. Authorities acknowledged the political party's compromise but could not confirm data theft, while the national cybersecurity center reported no prior awareness of the hacker collective. Separately, at least 6,000 Swiss email account passwords were compromised in unrelated breaches, prompting warnings about potential misuse for fraud or phishing. Officials stated no connection between the political party breach, DDoS incidents, and the email credential leaks.
Description
On March 16, 2016, or shortly before, the Swiss People's Party (SVP), Switzerland's largest political party, suffered a cyberattack claimed by a hacker group identifying as NSHC. The attackers asserted they had compromised the SVP's database and exfiltrated personal data belonging to over 50,000 individuals, including names and email addresses of party supporters. NSHC communicated their actions via a letter to the SVP website, stating their motivation was to expose perceived deficiencies in Switzerland's cybersecurity defenses. The right-wing SVP acknowledged the cyberattack to Swiss media outlet 20 Minutes but could not verify whether data theft had occurred. Concurrently, NSHC claimed responsibility for distributed denial-of-service (DDoS) attacks targeting multiple Swiss online shops earlier that week, as well as an attack on the Swiss Federal Railways (SBB) website. SBB spokesperson Daniele Pallecchi confirmed that the railway's website was intermittently inaccessible on Monday afternoon and evening due to these DDoS incidents, with the afternoon outage lasting approximately one hour and the evening outage approximately ninety minutes.

The Swiss government's Reporting and Analysis Center for Information Assurance (MELANI) stated it had no prior knowledge of the NSHC group before these incidents. In a separate development disclosed around the same timeframe, MELANI reported a breach involving at least 6,000 Swiss email account passwords, warning that compromised credentials could be exploited for fraudulent activities, blackmail, or phishing campaigns. MELANI advised individuals and organizations to verify potential exposure through its online tool at checktool.ch. Pascal Lamia, head of the Swiss information safety body, explicitly denied any connection between the SVP breach, the email password compromises, and the DDoS attacks on online retailers. The SVP incident highlighted concerns about political party data security, while the broader campaign underscored systemic vulnerabilities affecting Swiss e-commerce and critical infrastructure. No further technical details regarding attack vectors, data verification processes, or forensic findings were disclosed by authorities or affected entities in the immediate aftermath.
