US subsidiary of Swiss defence contractor hacked

+Get the most important news from Switzerland in your inbox

“We will publish 24 gigabytes of company data. Detailed information from employees […], confidential military information, many contracts and agreements (including military ones), information on how to work with explosives, NDAs and so on,” the hacker group Akira announced their attack on Monday.

+ How vulnerable is Switzerland to hacker attacks?

The target of this attack is an American subsidiary of RUAG, formerly called Mecanex USA, which is now known as RUAG LLC. According to its own statements, RUAG LLC is a partner of air forces worldwide and specializes in maintenance and the procurement of spare parts.

According to their own statements, the focus is on the F-5 Tiger and F/A-18 Hornet fighter jets, which are also used by the Swiss Air Force.

RUAG confirmed a security incident in response to an inquiry from SRF Investigativ. It was “a ransomware attack on RUAG LLC, a subsidiary of RUAG MRO Holding AG.” The company stated that the incident does not threaten any other RUAG companies. “Due to the self-sufficiency of the IT systems used there, the incident is isolated and has no impact on other systems within the RUAG Group.”

Double extortion

Regarding the extent of the affected data, RUAG writes: “According to current information, no particularly sensitive data of employees in Switzerland has been affected.” The incident is currently being investigated and appropriate measures have been initiated.

The hacker group Akira uses its own ransomware, software that steals and encrypts victims’ data, rendering it unusable. Akira promises decryption upon payment of a ransom. Those who refuse payment receive no decryption key, and Akira threatens to publish the data on the dark web.

Akira has now announced such a publication for the data of the RUAG subsidiary. No data has actually been published yet. It is also currently impossible to assess whether the hacking group has actually obtained the data in question and how sensitive it is.

Record number of Swiss attacks

The Swiss Federal Office for Cybersecurity (Bacs) is currently warning about Akira and strongly advises against paying any ransom. According to the authorities, Akira began attacking Swiss companies in May 2023 and has intensified these attacks in recent months.

According to authorities, there are currently about four to five cases per week. This is a record. On a statement from mid-October, the Federal Office of Civil Protection and Disaster Assistance (BAC) also wrote that 200 companies in Switzerland have already fallen victim to Akira ransomware.

In connection with such attacks, the Federal Prosecutor’s Office has been conducting criminal proceedings against persons unknown since April 2024. The damage caused by such hackers in Switzerland already amounts to several million Swiss francs.

The hacking group Akira is not only active in Switzerland but also targets other countries. Now, a subsidiary of the Swiss defense company RUAG in the US has been affected. The extent of the potential data breach for RUAG is currently impossible to assess.

More

Swiss Politics

Audit slams Swiss military contractor for suspected fraud

This content was published on Feb 25, 2025 Auditors accuse Swiss military technology firm RUAG MRO of fraud, lack of transparency and a culture of error.

Read more: Audit slams Swiss military contractor for suspected fraud

Adapted from German by DeepL/mga