Findings: Cyber espionage attack on RUAG
More than 20 GB of data were stolen during the espionage attack on Ruag. This is likely to include data from the admin directory, which feeds the outlook software of the federal administration. Private personal data was not affected, according to a recent statement by the Federal Council.
As announced by the Federal Council, RUAG computers have been infected with spyware. The Federal Intelligence Service informed the Office of the Attorney General of Switzerland of the incident in January 2016. The Office of the Attorney General of Switzerland subsequently initiated a criminal investigation against unknown persons on 25 January 2016. However, the Federal Council does not confirm speculation about the authorship of the attacks.
After the cyber espionage attack became known, the head of the DDPS Guy Parmelin immediately informed the Federal Council and the relevant political bodies. The Federal Council instructed the Federal Council Security Committee under the leadership of the DDPS to take all necessary immediate measures.
Admin Directory affected
The current findings now show that a data volume of just over 20 GB was stolen from the company by the time the software was discovered. The attack was carried out in a very targeted and professional manner. According to experts, it can take a very long time for such attacks to detect the malicious software, as the attacker moves inconspicuously around the network.
There is a high probability that it contains data from the Admin Directory, which feeds the Outlook of the federal administration. Contrary to what some speculation suggests, the potentially compromised data does not contain any private personal details of employees.
The Federal Intelligence Service and the Reporting and Analysis Centre for Information Assurance of the Confederation MELANI are working closely together in this case and have been able to provide essential findings in the RUAG case with their expert knowledge. MELANI has written a detailed report on the malware used and published it on behalf of the Federal Council. It contains information on the technical details of the cyber attack and is primarily aimed at specialists and security officers so that they can take the necessary precautions to detect and defend against such attacks. (Source: DDPS)
