Cyber Incident Victim: Infolog Data Center SA

Date: Apr 2023

Location: Switzerland

Summary

Infolog, a Vaud-based IT services provider, suffered a cyberattack that forced it to take all of its clients' systems offline for three days. The company stated that no data was exfiltrated by the hackers and that its internal technical expertise and secure backups allowed for a full restoration of services. The incident impacted a range of clients including municipalities, SMEs, and automotive businesses, some of whom expressed concern over potential data exposure, though none was confirmed.

Description

On the night of Monday, April 10, 2023, into Tuesday, April 11, 2023, the Vaud-based IT firm Infolog suffered a cyberattack. The company, which provides IT services for municipalities, small and medium-sized enterprises (SMEs, "PME" in French), a chain of automotive garages, and industrial service companies, discovered the intrusion on the morning of Tuesday, April 11th. Upon discovering the intrusion, Infolog immediately took all of its clients' systems offline as a containment measure, to prevent the attack from spreading and to isolate the compromised infrastructure. The consequence of this immediate containment was a complete cessation of services for Infolog's entire client base, rendering their IT systems inoperable.

Following the initial containment, Infolog technicians engaged in an intensive recovery effort. They worked continuously, day and night, for a period of three days to restore all affected systems. This restoration work was completed by Thursday evening, April 13th, bringing the systems back online after a three-day outage. The company attributed its ability to recover relatively swiftly to two key factors: possessing in-house technical expertise that allowed for rapid problem-solving and maintaining secure backups of all its systems. These backups were instrumental in restoring client data and services without capitulating to any potential attacker demands.

During the incident, an employee of Infolog confirmed that someone from within the company had been in contact with the hackers. The precise nature and content of this exchange were not disclosed by the company representative, who stated they were unaware of the details. The article specifically references an inquiry about a potential ransom demand, but the Infolog employee remained vague on this point, neither confirming nor denying whether a formal ransom was requested or paid. The company was, however, categorical in its assessment of data exfiltration. Infolog publicly stated that no data was extracted by the hackers during the attack. The firm asserted (translated from French), "No data was extracted by the hackers. Nothing left our premises," meaning nothing was taken from their systems.

Infolog also reported the incident to the relevant authorities. The company stated it had contacted both the Vaud cantonal police and federal government services. However, the Vaud police confirmed that as of the date of the article's publication, April 18th, no formal complaint related to the incident had been filed with their department. This indicates that while authorities were notified, the process did not advance to a formal criminal investigation by that time.

The impact of the attack extended significantly beyond Infolog's own operations, directly and severely affecting its downstream clients. These clients, which included municipalities and various businesses, experienced a complete loss of their IT services for the entire three-day duration while Infolog's systems were offline. The specific impact on one client, a Mercedes dealership within the Leuba garage chain, was detailed. A customer of this dealership attempted to schedule an appointment online but encountered malfunctions that felt abnormal. Upon phoning the dealership, the customer was informed that the entire IT system was down due to a cyberattack on their service provider, Infolog. This customer expressed significant concern over a lack of direct communication from the affected businesses and anxiety regarding the potential exposure of their personal data on the darknet, despite Infolog's assurances to the contrary.

In its communications, Infolog highlighted the severe challenges businesses face when recovering from such incidents. The company noted that while it had the technical resources to recover in a matter of days, the same incident could have catastrophic consequences for a typical PME client. For a smaller business without dedicated technical staff or robust backups, such an attack could result in months of lost productivity or even lead directly to bankruptcy, underscoring the disproportionate impact cybersecurity incidents can have on smaller organizations.

The article also contextualizes the Infolog attack by referencing a similar incident that occurred just days prior, on March 27th, involving another IT service provider. That attack resulted in the encryption of client data, affecting a retirement home (EMS) in Lausanne. The director of that EMS expressed similar fears about data being leaked on the darknet but was later assured by a specialist-led audit that no data had been exfiltrated, with the attackers' goal seemingly being solely to paralyze systems. The recovery for that EMS lasted until the beginning of the following week. The director of that EMS also noted that a ransom demand had been made in that separate incident but was uncertain whether the provider had paid it or found another solution, drawing a parallel to the vague nature of the details surrounding any potential ransom in the Infolog case.