PLAY Group: Swiss police IT service hacked and data stolen

B2B Cyber Security ShortNews


If the information from the PLAY group is correct, it has captured 900 GB of data from Xplain, a Swiss IT and software service provider that supplies many Swiss authorities, such as the police, law enforcement agencies, customs and border administration, courts and parts of the army, with services and software. The first 7 GB are already available for free download on the darknet.

Switzerland is currently being hit by many high-profile attacks. After the attack on Media CH and the NZZ, it has now hit the Swiss IT service and software provider Xplain. The APT group PLAY claims to have successfully penetrated its systems by 23.05.2023. The first screenshots on the PLAY group's leak page stated that 907 GB of data had been stolen.

PLAY claims to have captured 900 GB of data

🔎 The APT group PLAY released 5 GB of data from Xplain and claims to have stolen a total of 907 GB of data (Image: B2B-CS).

Since Xplain does not appear to have responded to the extortion, the group has so far published around 5 GB of data as packed archives. Only Xplain itself can confirm whether this data is genuine. However, there is no official statement from the company to date. On the site Watson.ch there is an initial response from the company. It says: “Xplain AG is affected by a cyber attack by the ransomware group PLAY. We noticed the attack immediately and responded quickly to minimize the impact and restore the security and availability of our production systems. We are currently working closely with external cybersecurity experts and the authorities to thoroughly investigate the incident.”

Data gone or not?

If the captured data is genuine, this can still be a problem for Xplain, because most of its customers are police authorities from different cantons. Furthermore, the company supplies courts, the customs and border administration and parts of the Swiss army with IT services or complete software solutions. According to the first reports from the authorities, the package is said to contain no important data from the police or from customs and border security. It is said to consist only of customer communication. Data from the Swiss army is reportedly not included at all.

However, Xplain told Watson.ch that no government data was stolen. “The exact details of the attack, including the scope and severity of the data theft, are still being investigated. However, we would like to emphasize that we do not store any personal or case data from customer systems in our systems. The potentially affected data could include personal information of our employees and business documents of our company, as well as project information,” according to Xplain.

Editor/sel

 
