Ever since hackers targeted Swiss defense contractor RUAG, government officials have been tight-lipped about the breach. But on Monday Switzerland’s CERT (Computer Emergency Readiness Team) spilled the beans on the attack against the firm and how the perpetrators pulled it off.
While Monday’s report falls short when it comes to outlining the type of data stolen, it goes into rare detail on how it was taken. For example, central to the attack was malware from the Turla family and the use of a sophisticated mix of Trojans and rootkits. Additionally, security experts assert that RUAG computers were infected as early as 2014, according to the report, making the attack slow and methodical.
It wasn’t until early May that the public even became aware of the attacks. That’s when Swiss defense minister Guy Parmelin went public about a breach against his government that took place in January during the World Economic Forum in Davos, Switzerland. Parmelin also revealed the attack included penetration of RUAG’s system, where attackers breached the company’s servers, stealing an undisclosed amount of data.