Cyber Attack On Switzerland Continues, NoName Hits Ministry


The cyber attack on Switzerland continues, with the notorious threat group NoName claiming responsibility for attacks on several government and official departments.

The targets NoName claimed include the Swiss Federal Department of Justice and Police, Swiss railway company Südostbahn, Federal Department of Home Affairs, among others. The websites of several other departments remained inactive.

“The website of the Swiss Ministry of Justice and Police was slammed,” NoName group posted on its Telegram channel. “Victory will be ours!” Soon after, the group listed the other administrative bodies and institutes they attacked.

In the initial investigation of the latest cyber attack on Switzerland, the Swiss Federal Department of Justice and Police website was found inactive at 2pm IST.

The Cyber Express has reached out to the Swiss National Cyber Security Centre (NCSC) for a confirmation of the cyber attack on Switzerland.

According to an AFP report, the Swiss finance ministry has confirmed that several federal administration websites were unavailable on Monday.

The main Swiss government portal http://www.admin.ch remained accessible, The Cyber Express verified.


NoName and the latest Cyber attack on Switzerland

The present cyber attack on Swiss ministries and departments is the latest in a series of events that have been developing over the week.

A cyber attack on Xplain, a technology firm that provides government software for various departments in Switzerland, affected various departments, the Swiss government confirmed on June 8.

The Swiss government stated that Xplain had fallen victim to a ransomware attack, during which the stolen data was encrypted and the attackers demanded a ransom. Some of the stolen data was subsequently posted on the darknet.

“Contrary to the initial findings and following recent in-depth clarifications, it has to be assumed that operational data could also be affected,” said the government announcement.

“Based on the information currently available, the Federal Administration does not believe that the Xplain systems have direct access to the Confederation’s systems,” the statement added.

Xplain serves clients such as the Swiss army and the customs department, providing software for homeland security purposes.

Xplain identified the ransomware group named Play as the perpetrator of the attack. Xplain’s director, Andreas Loewinger, confirmed that there had been no communication with the Play group and that the company has no intention of paying the ransom, an AFP report said.

NoName: A group with a plan

NoName057(16), popularly known as NoName, is a hacktivist group with pro-Russian leanings that was first observed in March 2022 and has been active since then.

Additionally, the group has been observed using the names NoName05716, 05716nnm, and Nnm05716.

“According to the group’s manifesto, their actions are a response to those who have taken an openly hostile position toward Russia, and they have the strength and experience to restore justice,” reported threat intelligence service SOCRadar.

“The group also notes that they do not work for financial gain and are willing to cooperate with like-minded groups. The manifesto emphasizes the importance of truth as a source of strength.”

The group maintains a private Telegram channel called DDosia Project, which serves as a communication platform for the Dosia tool they employ.

“Through their DDosia project, pro-Russia hacktivist group NoName057(16) is still conducting DDoS attacks, mostly with the goal to take offline websites of institutions and companies in European countries,” reported cybersecurity company Avast.

On their Telegram channels, the group openly declares their actions as supportive of Russia in the ongoing war against Ukraine, indicating their intention to persist with their activities throughout the conflict.

Notably, the group incentivizes individuals by offering cryptocurrency payments for installing their DDosia tool and participating in the attacks.

“NoName057(16) is trying to improve the efficiency of the DDoS attacks. They are trying to move to a more efficient Go platform because the pilot variant written in Python was lacking in performance,” the Avast report said.
