RUAG has expertise in detecting and eliminating IT attacks and securing systems against them. Based on information from the federal intelligence agency, RUAG was able to detect and successfully halt a highly professional hacker attack on its IT systems. Because of the small volume of data stolen, the attackers' strategy remained unrecognized for some time.
Here are the key facts and background information:
- RUAG is constantly confronted with cyber-attacks and is accustomed to having to repel them.
- RUAG has no indications that customers other than the DDPS were affected.
- Moreover, the malware has not crossed over into the DDPS's systems.
- RUAG regrets the intrusion into its systems.
- The attack on RUAG was carried out very professionally. Together with the relevant federal authorities (in particular the Reporting and Analysis Centre for Information Assurance "MELANI" and the DDPS), RUAG rapidly and accurately initiated the necessary response, thereby averting further damage.
- RUAG strictly observes federal security regulations. No data classified as secret is stored on RUAG systems which are connected to the Internet.
- RUAG can therefore state that no secret data was affected by the attack on RUAG.
- Furthermore, any data classified as confidential stored on Internet-connected RUAG systems is encrypted.
- The data obtained account for less than 0.01% of the volume of data managed by RUAG.
- Thanks to the immediate response, RUAG is certain that no further data was copied or stolen after the intrusion was detected.
- RUAG has been observing and tracing the hackers' activities since January 2016, acquiring intelligence that will enable us to make further long-term improvements to the security of our systems. It would not have been possible to release information sooner without jeopardizing these covert investigations, which were conducted with the Office of the Attorney General and the relevant federal agencies.
- For confidentiality reasons and in line with RUAG policy, the results of the investigations are not being disclosed to the public. Moreover, their content could allow inferences to be made about the company's security architecture.