May 7, 2023: ABB Hit in Cyberattack, Operations Suffer

Swiss multinational company ABB, an electrification and automation technology provider, suffered a cyberattack that disrupted its operations.
Zurich, Switzerland-based ABB released a statement on the incident:
“ABB recently detected an IT security incident that directly affected certain locations and systems.
“To address the situation, ABB has taken, and continues to take, measures to contain the incident. Such containment measures have resulted in some disruptions to its operations which the company is addressing. The vast majority of its systems and factories are now up and running and ABB continues to serve its customers in a secure manner.”

January 7, 2022: Hackers Paralyze Only Newsprinting Facility in Switzerland

The machines at the Perlen paper factory in the Lucerne town of the same name are at a standstill due to a hacker attack. Newsprint and LWC production at Perlen and packaging production in Müllheim, Germany, which had been down since 7 January, restarted 6 days later on January 13. The chemistry division was not affected and was therefore able to continue production normally.

The factory normally outputs 1400 tons of newsprint paper per day. In a statement, the CPH Group said all IT systems were shut down on the 7th out of an abundance of caution and to contain any spread, strongly suggesting but not confirming that it was a ransomware victim. Production resumed on January 13, after 6 days of downtime.

November 28, 2022: IT Systems Shut Down after Ransomware Attack at Glutz, a Swiss Specialist in Access Solutions

Glutz, a specialist in access solutions, fell victim to a ransomware attack at the end of November. Cyber criminals encrypted data on the systems, as the Solothurn-based company announced at the time. As a security measure, all internal IT systems have been shut down.

"Since December 7th we have been working again in limited normal operation," writes Marco Hauri, CEO, at the request of inside-it.ch. Telephony and e-mail communication could be used consistently. The costs incurred by the attack cannot be estimated at this time.

March 17, 2023: Third-Party Attack Hits Hitachi Energy

Hitachi Energy fell victim to unauthorized access to employee data in some countries after an attack by the Clop ransomware group that leveraged a zero-day vulnerability in third-party software, Fortra GoAnywhere MFT (Managed File Transfer), company officials said.
The vulnerability exploited in the attack is CVE-2023-0669, a remote code execution flaw disclosed by Fortra on February 1, after attacks exploiting it were detected. The company issued a patch a week after discovery.

September 5, 2022: Operations Impacted at Swiss Chocolate Manufacturer Läderach

The Swiss chocolatier Läderach became the target of a cyber attack on 5 September. The responsible authorities were informed immediately.

Production, logistics and administration in particular are currently affected by the cyber attack. The use of internal tools and communication channels has been reduced to a minimum as a precautionary measure. "In production, it is still possible to work completely except for a sub-area," the company specifies on request.

UPDATE 10Nov22: The logistics are now also working again and the backlogs in deliveries have already been partially made up. "Since the cash register systems are still impaired, we resort to workarounds (use of cash sales, credit card terminals)," writes Läderach.

February 24, 2021: Major Airlines Affected in Massive Supply Chain Attack at Technology Giant SITA

SITA, an airline technology and communication provider that operates passenger processing systems for airlines, was the victim of a cyber-attack involving passenger data. SITA serves 90% of the world's airlines and disclosed that among the airlines affected were various major airlines including Air India, Finnair, Japan Airlines, Jeju Air, Lufthansa, Malaysia Airlines, Singapore Airlines and Cathay Pacific.

Singapore Airlines reported that 580,000 of its frequent flyer members were compromised in the attack and Air India estimated that personal data relating to 4.5 million of its passengers was stolen.

January 11, 2022: 300 GB of Sensitive Data Breached at Large Swiss Car Dealer

One of Europe's biggest car dealers, Emil Frey, was hit with a ransomware attack last month, according to a statement from the company. The Swiss company showed up on the list of victims for the Hive ransomware on February 1 and confirmed that they were attacked in January. "We have restored and restarted our commercial activity already days after the incident on January 11, 2022," a spokesperson said, declining to answer more questions about whether customer information was accessed.

February 25, 2022: Novartis Claims No Sensitive Data Breach in Latest Cyberattack by Industrial Spy

June 2022: Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. Industrial Spy is a hacking group that runs an extortion marketplace where they sell data stolen from compromised organizations. On June 2, 2022 the hacking group began selling data allegedly stolen from Novartis on their Tor extortion marketplace for $500,000 in bitcoins. The data being sold consists of 7.7 MB of PDF files, which all have a timestamp of 2/25/2022 04:26, likely when the data was stolen. As the amount of data for sale is minimal, it is not clear if this is all the threat actors stole or if they have further data to sell later.

Novartis declined to answer any further questions about the breach, when it occurred, and how the threat actors gained access to their data.

February 3, 2022: Ransomware Attack at Swiss Airport Services Firm

Swissport, the world’s largest airport ground services and cargo handling company, fell victim to a ransomware attack.
The Zurich-based firm said it spotted the hack early on Feb. 3 to contain potential damage to its IT systems. Some flights were delayed at Zurich airport and passengers are being warned of further potential disruption.
Swissport’s website was forced offline by the cyberattack and the company said some services had been affected for passengers and freight.

January 1, 2004: Instability of the OSI Layer-2 Bridging

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.
