The ransomware gang Play carried out its threat and has supposedly made all the data it stole from the Bernese IT service provider Xplain AG accessible on the dark web. The so-called “Full Dump” is said to contain a total of 907 gigabytes (GB). This is evident from a new message on the criminal organization's leak site.
What the “Full Dump” contains is not publicly known.
Numerous government organizations have worked with Xplain in recent years. The Bernese company develops specialist applications and provides technical support.
Xplain sent Watson a written statement on the recent events on Wednesday:
“In preparation for further disclosure of stolen data, further investigations have been carried out in collaboration with the investigative authorities, the NCSC and the customers involved.
With the publication of what is believed to be the entire stolen database on June 14, 2023, all those involved will continue this work with great intensity. All persons affected by the data theft will be notified directly by the respective data owners.”
Did not respond to attempted blackmail
Earlier, unknown cybercriminals released a few GB of stolen data to put pressure on the affected company. Apparently this did not work, and because the victim did not want to pay the ransom, the perpetrators have now made all the data public.
The attack in May affected numerous Swiss authorities who had or have a business relationship with the hacked IT company. According to reports, the stolen data includes business correspondence between Xplain AG and its customers.
According to Watson’s research, several federal government institutions are affected:
- Federal Office of Buildings and Logistics (FOBL)
- Federal Office for Migration (FOM)
- Federal Office of Justice (FOJ)
- Federal Police Fedpol
- Directorate-General for Customs, Federal Office for Customs and Border Security
- General Secretariat GS-EJPD
- The former Border Guard Corps (GWK), now the Federal Office for Customs and Border Security BASF
- IT Service Center ISC-EJPD
The Federal Public Service Defence, Civil Protection and Sport (DDPS) is also affected.
There are also numerous cantonal authorities, as well as other well-known national organizations such as Rega, the Railway Police and Securitrans (today Transsicura). The city police of Zurich is also one of Xplain’s customers.
Allegedly no sensitive data
The Liechtenstein State Police was also affected by the hacker attack, as was announced on Tuesday. However, the stolen data is just project information.
In the worst case, it concerns case data in individual cases, the Keystone-SDA news agency quotes from a statement by the state police. Case data and personal data were not stored on Xplain servers.
An earlier statement from Xplain said that “no personal and business data from customer systems” was stored on their own servers.
The ransomware gang Play was previously also responsible for hacker attacks on the Valais municipality of Saxon VS (May 2023), the media houses CH Media and NZZ (April), Energie Pool Switzerland (February) and H-Hotels (December 2022). However, these are only the publicly known victims. IT security experts assume that the number of unreported cases is high.
Source: Watson

I’m Ella Sammie, an author specializing in the Technology sector. I have been writing for 24 Instant News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.