The Swiss government is announcing that a ransomware assault at the third-party company Radix has affected sensitive data from multiple federal offices.
The Swiss authorities claim that the hackers obtained information from Radix systems and then posted it on the dark web. The nation's National Cyber Security Centre (NCSC) is assisting in the analysis of the leaked data to determine which government agencies are affected and to what extent.
“The foundation Radix has been targeted by a ransomware attack, during which data was stolen and encrypted,” the Swiss government noted. “Radix’s customers include various federal offices. The data has been published on the dark web and will now be analyzed by the relevant offices.”
Radix is a Zurich-based non-profit focused on health promotion. It operates eight competence centres that carry out projects and services for the Swiss federal government, cantonal and municipal corporations, and other public and private organisations.
According to the organization's statement, Sarcoma ransomware affiliates penetrated its systems on June 16. Sarcoma is a newly emerging ransomware outfit that began operations in October 2024 quickly became one of the most active, claiming 36 victims in its first month. One notable example was an attack on PCB giant Unimicron.
Phishing, supply-chain attacks, and outdated flaws are some of the ways Sarcoma gains access. Once RDP connections are exploited, the hackers usually proceed laterally across the network. The threat actor may encrypt the data in addition to stealing it in the final phase of the attack. On June 29, the ransomware outfit uploaded the stolen Radix data on their leak portal on the dark web, most likely after extortion attempts failed.
Personalised alerts were sent to affected individuals, according to Radix, which also states that there is no proof that critical information from partner organisations was compromised.
Radix advises potentially vulnerable users to be on guard over the next few months and to be cautious of attempts to obtain their account credentials, credit card details, and passwords in order to mitigate this risk.
In March 2024, the Swiss government confirmed it had experienced a similar exposure via third-party software services provider Xplain, which was attacked by the Play ransomware gang on May 23, 2023. As a result of that incident, 65,000 Federal Administration documents were leaked, many of which included private and sensitive data.