The Swiss government has warned that sensitive data has been stolen and leaked following a cyber attack on a supplier.
Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
"Investigations are currently under way to determine the specific units and data affected by the attack," Swiss authorities said in a statement. "As Radix has no direct access to Federal Administration systems, the attackers did not gain entry to these systems at any time."
The government said that the Swiss National Cyber Security Center (NCSC) is coordinating further investigations.
The agency is in continuous dialogue with Radix, as well as the prosecution authorities and the Federal Administration units affected by the attack, and will release more information in due course.
With the government apparently refusing to pay a ransom, the stolen data has now been published on the dark web by the Sarcoma ransomware group.
"Affected individuals were personally informed if particularly sensitive personal data could have been affected," said Radix.
"Based on current knowledge, there is no indication that sensitive data from partner organizations has been affected."
Who are the Sarcoma ransomware group?
The Sarcoma ransomware group has appeared relatively recently, having been first detected late last year.
Since then, though, it's become highly active, targeting organizations including Smart Media Group Bulgaria, Unimicron, and TMA Group.
The group typically carries out its attacks via phishing emails, but is known to also target outdated software and vulnerabilities, as well as supply chain weaknesses.
Andrew Costis, engineering manager of the adversary research team at AttackIQ, said that while the group is a relative newcomer to the cyber crime landscape, it’s been “very active” and claimed 36 attacks in its first month.
"Sarcoma is known for implementing double extortion tactics, where members are pressured into paying ransoms to avoid information being leaked."
Governments are increasingly coming under fire from cyber attackers, and while this is mostly due to the activity of hostile nation states, there's a threat from financially motivated ransomware gangs as well.
“This incident is yet another reminder that public sector institutions and non-profits are not immune to the tactics of increasingly professionalised cybercriminal groups,” said Lee Driver, vice president of managed security services at Ekco.
“Even when the attack isn’t directly on government infrastructure, the ripple effect through shared third-party platforms can expose sensitive data and create serious trust issues.”
"With data already appearing on the dark web, we’re likely to see further implications as investigators identify which departments and datasets were affected."
According to the Swiss NCSC, it received a cyber incident report on average every 8.5 minutes last year. Over the first half of 2024, the number was almost twice that for the same period the previous year.
MORE FROM ITPRO
- Ransomware victims are getting better at haggling with hackers
- Building ransomware resilience to avoid paying out
- The new ransomware groups worrying security researchers in 2025
-
Cloudflare is cracking down on AI web scrapersNews Cloudflare CEO Matthew Prince said AI companies have been "scraping content without limits" - now the company is cracking down.
-
GitHub CEO Thomas Dohmke thinks there’s still a place for junior developers in the age of AINews GitHub CEO Thomas Dohmke believes junior developers still play a crucial role in the hierarchy of software development teams, and AI won't change that any time soon.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
