Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider.
Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. Ultra Intelligence & Communications provides critical tactical capabilities, including cybersecurity and remote cryptographic management systems for clients including the DoD, FBI, DEA, NATO, AT&T, the Swiss Federal Department of Defence and defence contractor RUAG.
Ultra Intelligence & Communications has been breached by BlackCat.
The Swiss Federal Department of Defence confirmed that the Swiss Air Force was among the impacted organizations. Swiss authorities launched an investigation into the incident.
The ransomware gang stole around 30 gigabytes of sensitive documents from the US company.
“The leaked documents include a contract between the Swiss Department of Defence and the US company for almost $5 million (CHF 4.28 million).” reported the SwissInfo website. “According to this and other leaked documents, the Department of Defence purchased technology for the Air Force’s encrypted communications. Among the leaked documents there are also emails and payment receipts that show when the transactions took place.”
The Federal Department of Defence confirmed that the operational systems of the armed forces were not impacted by the incident.
The ALPHV/Blackcat group was the second most prolific ransomware-as-a-service operation, it amassed hundreds of millions of dollars in ransom payments.
The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure.
BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, the Swissport, NCR, and Western Digital.
At this time the Tor leak site of the group is not reacheable.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Swiss Air Force)