Sunday, May 26, 2024

Swiss Air Force Documents Exposed on Darknet

The Swiss Air Force has been the victim of a malicious cyber-attack. The group allegedly responsible for the data breach is suspected to originate from Russia.

A US security company providing communication technology to defense firms globally fell victim to a cyberattack. The Swiss Air Force was among the entities affected. Switzerland’s Federal Department of Defence has officially confirmed the data breach and is investigating the incident.

Hackers are believed to have stolen thousands of documents from the US company “Ultra Intelligence & Communications.” Around 30 gigabytes of partly sensitive and classified documents are believed to have ended up on the darknet and are, therefore, generally accessible to the public.

The company supplies national and international defense companies with military and intelligence encryption and communications technology. Its customers include the Swiss Federal Department of Defence and defense contractor RUAG.

The leaked documents include a contract between the Swiss Department of Defence and the US company for almost $5 million (CHF 4.28 million). According to this and other leaked documents, the Department of Defence purchased encrypted communications technology for the Air Force. Among the leaked documents are emails and payment receipts showing when the transactions took place.

In addition to the Defence Department, the name RUAG can also be identified in the data. The defense company, now divided into two entities, has been sourcing technology from “Ultra Intelligence & Communications” since at least 2017.

According to cyber security expert Marc Ruef, data leaks in the military sector are particularly dangerous. “The military and intelligence services endeavor to release as little data and information as possible about their capabilities. And of course, this has now happened here unintentionally.”

The Federal Department of Defence confirmed the hacker attack to Swiss public television SRF Investigativ, stating that “Armasuisse and the Defence Group were informed about the ransomware attack by the company Ultra Intelligence & Communications.” According to current knowledge, the operational systems of the armed forces remain unaffected, and investigations are ongoing.

As for Ruag, the leaked documents concern a business unit that is currently no longer part of RUAG MRO Holding Ltd. “Ruag International Holding Ltd and Ruag MRO Holding Ltd have been operating separately since 2020,” say representatives from the company.

The hacked company “Ultra Intelligence & Communications” declined to comment in response to inquiries from SRF Investigativ.

FBI and NATO also affected by the hackers

The leaked data shows that “Ultra” carries out contracts for defense companies, police and military authorities worldwide. These include the Federal Bureau of Investigation (FBI) and the North Atlantic Treaty Organization (NATO). According to security expert Marc Ruef, the attack means “major reputational damage because the company is a security company and offers security solutions.”

The extent of the damage is still unclear. According to Ruef, what is clear is that the publication of such sensitive information could pose a danger to the organizations involved. “If a vulnerability in the sold systems becomes known, attackers will have information on where this technology is installed due to the leak. They can then exploit this vulnerability on a large scale,” explains Ruef. So, such data leaks can be hazardous even if they don’t contain any technical secrets.

The Confederation’s partners are responsible for these leaks, says Ruef. “This raises the question of whether Switzerland should demand more security from its suppliers and monitor and enforce it.”