Switzerland’s cybersecurity experts still can’t Xplain how federal documents made it to the dark web


Though a ransomware attack on Xplain, a Swiss software developer contracted by the country’s federal government, became known almost as it happened in late May 2023, a new report from the country’s National Cyber Security Centre (NCSC) has shed additional, disconcerting light on the extent of the incident.

Per that report (via BleepingComputer), the NCSC believes that 1.3 million files were released by the threat actor, a ransomware group known as Play, in a package on the dark web.

65,000 of these files are considered ‘relevant’ to the Swiss government, with the vast majority (47,413) of these belonging directly to Xplain. 

Xplain ransomware attack

The NCSC also wrote about the challenges involved in determining file ownership, and the specific nature of each compromised file. It did, however, reveal that the data included employee data and passwords vulnerable to identity theft, technical specifications, and unspecified ‘classified information’, and that it had determined how many files belonged to each of these categories.

Xplain, which describes itself as a ‘homeland security’ company, updated its own evolving statement on the attack in the wake of the report on February 8. It claims that, following the attack, it filed a criminal complaint, and ‘rebuilt [its] entire IT infrastructure’ in line with the NCSC’s recommendations. 

Despite this, Xplain maintains that it is still unclear how the attack was made possible, noting that ransomware groups often use undisclosed vulnerabilities to gain unauthorized access to computer systems.

Most importantly of all, the company reports that it has not been significantly harmed financially by the event, which it attributed to its ‘diversified, long-term business model’ (which we think is business-speak for ‘fingers in many pies’) and ‘the benefits from indemnity insurance’.

All’s well that seems to end well, then, but as there’s plenty that we don’t know about how the breach was committed, this may not be the last that we hear about the incident.


Luke Hughes
Staff Writer

 Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.
