Cyber Incident Victim: backslash AG

On November 24, 2024, a cyber attack disrupted public services in Switzerland when Ostschweiz-based website provider Backslash AG suffered a distributed denial-of-service (DDoS) attack targeting its infrastructure. The incident began at 1:30 AM local time when attackers flooded Backslash's external data center with excessive traffic requests, overwhelming its capacity. This caused immediate outages for 318 municipal websites across multiple cantons and the official sites of Schwyz and Glarus cantons. Among affected municipalities were Aarau, Baden, Brugg, Biberstein, Buchs, Kölliken, and Frauenfeld, all clients of Backslash's hosting services. The primary target appeared to be the Schwyz cantonal website, though the attackers' motivations remained unidentified. By Sunday afternoon, all impacted sites except Schwyz's were restored to functionality, though Backslash could not confirm a full resolution timeline during initial assessments.

The Swiss Federal Office for Cybersecurity (BACS) confirmed the attack constituted a volumetric DDoS with no evidence of data breaches, system compromises, or integrity violations affecting municipal or cantonal data. No ransomware demands or political statements accompanied the attack, and authorities found no connection to Switzerland's national voting day occurring concurrently. Critical election infrastructure remained unaffected, with voting results from Glarus and Schwyz transmitted normally through separate channels. Schwyz canton clarified that only public-facing administrative websites were impaired, with internal systems remaining operational throughout. The incident exclusively disrupted public access to informational portals, causing no operational impacts on governance or electoral processes. BACS continued investigating the source and intent of the attack while monitoring restoration efforts.