
Cyberattack exposes Swiss Air Force documents on the darknet

A US security company, providing communication technology to defence firms globally, fell victim to a cyberattack. The Swiss Air Force was among the entities affected. © Keystone / Gaetan Bally

The Swiss Air Force has fallen victim to a malicious cyberattack. The group allegedly responsible for the data breach is suspected to originate from Russia.

A US security company, providing communication technology to defence firms globally, fell victim to a cyberattack. The Swiss Air Force was among the entities affected. Switzerland’s Federal Department of Defence has officially confirmed the data breach and is currently investigating the incident.

Hackers are believed to have stolen tens of thousands of documents from the US company “Ultra Intelligence & Communications”. Around 30 gigabytes of partly sensitive and classified documents are believed to have ended up on the darknet and are therefore generally accessible to the public. 


The company supplies national and international defence companies with military and intelligence encryption and communications technology. Its customers also include the Swiss Federal Department of Defence and defence contractor RUAG.

The leaked documents include a contract between the Swiss Department of Defence and the US company for almost $5 million (CHF 4.28 million). According to this and other leaked documents, the Department of Defence purchased technology for the Air Force’s encrypted communications. Among the leaked documents there are also emails and payment receipts that show when the transactions took place.


In addition to the Defence Department, the name Ruag can also be identified in the data. The defence company, now divided into two entities, seems to have been sourcing technology from ‘Ultra Intelligence & Communications’ since at least 2017.

According to cyber security expert Marc Ruef, data leaks in the military sector are particularly dangerous. “The military and intelligence services endeavour to release as little data and information as possible about their capabilities. And of course, this has now happened here unintentionally”.

The Federal Department of Defence confirmed the hacker attack to Swiss public television SRF Investigativ, stating that “Armasuisse and the Defence Group were informed about the ransomware attack by the company Ultra Intelligence & Communications.” According to current knowledge, the operational systems of the armed forces remain unaffected, and investigations are ongoing.


As for Ruag, the leaked documents concern a business unit that is currently no longer part of RUAG MRO Holding Ltd. “Ruag International Holding Ltd and Ruag MRO Holding Ltd have been operating separately since 2020,” say representatives from the company.

The hacked company “Ultra Intelligence & Communications” declined to comment to SRF Investigativ’s enquiries.

FBI and NATO also affected by the hackers

The leaked data shows that “Ultra” carries out contracts for defence companies, police and military authorities worldwide. These include the Federal Bureau of Investigation (FBI) and the North Atlantic Treaty Organization (NATO). According to security expert Marc Ruef, the attack means “major reputational damage because the company is a security company and offers security solutions”.

The extent of the damage is still unclear. What is clear, according to Ruef, is that the publication of such sensitive information could pose a danger to the organisations involved. “If a vulnerability in the sold systems becomes known, attackers will have information on where this technology is installed due to the leak. They can then exploit this vulnerability on a large scale,” explains Ruef. So, a leak of such data can be hazardous even if it doesn’t contain any technical secrets.

The hacker group ALPHV has claimed responsibility for the attack. The group is one of the most active hacker groups in the world. It writes on its website that it stole a total of 30 gigabytes of data from “Ultra” and demanded a ransom. “After lengthy negotiations, Ultra refused to pay,” the hackers write on the darknet. The data was then published. The group wrote this on its website on December 27, 2023. 

According to Ruef, there are indications that the hacker group could originate from Russia. Last December, the US authorities, in cooperation with other countries, confiscated parts of ALPHV’s servers. Despite this, the hacker group has now apparently managed to hack the US company and upload the data to the darknet.

The Confederation’s partners are actually responsible for these leaks, says Ruef. “This raises the question of whether Switzerland should demand more security from its suppliers and then also monitor and enforce it.” 

This news story has been written and carefully fact-checked by an external editorial team. At SWI swissinfo.ch we select the most relevant news for an international audience and use automatic translation tools such as DeepL to translate it into English. Providing you with automatically translated news gives us the time to write more in-depth articles.

SWI swissinfo.ch - a branch of Swiss Broadcasting Corporation SRG SSR
