www.swissinfo.ch August 28, 2025 -
Swiss health groups found national cyber-security centre to warn against cyber attacks.

The cantonal hospital authorities of Ticino and Graubünden are among the founders of the Healthcare Cyber Security Centre (H-CSC).

The premise is that “hospitals are tempting targets for cybercriminals, since they handle large quantities of sensitive data,” said H-CSC as it was officially established in Thurgau.

The initiative in Ticino was also joined by the Gruppo ospedaliero Moncucco, which brings together the Moncucco clinics in Lugano and Santa Chiara in Locarno, and a Graubünden foundation made up of health care associations, including the Thusis hospital.

Founding members also include the university hospitals of Basel, Bern and Zurich, but not in Geneva and Lausanne.

French-speaking institutions are clearly under-represented – the Fribourg and Valais hospitals are the only members from this region. But H-CSC is set to grow. “Membership of the association will be open from 1 September 2025 to all hospitals with a public service mandate”.

The H-CSC project was launched last year on the recommendation of the Federal Office for Cyber Security. The aim of the association is to offer tailor-made security services for hospitals in the field of cyber security.

The H-CSC (https://www.h-csc.ch/) will serve as a platform to promote knowledge exchange and collaboration between hospitals, expand existing competencies and create synergies that will “sustainably strengthen their ability to prevent, detect and contain cyber incidents”, the association’s website states.

Such incidents can “severely compromise the functioning (of hospitals), causing the postponement of surgeries, encryption and/or disclosure of sensitive patient data, or the inoperability of medical devices.”

telegraph.co.uk 2025/08/17/ - Lazarus cyber gang believed to have used stolen funds to boost military and nuclear programmes

North Korean hackers have been accused of a £17m Bitcoin heist that brought down a UK-based cryptocurrency company.

Lazarus, the hermit kingdom’s notorious cyber gang, has been identified as the potential culprit behind the theft of cryptocurrency from Lykke, a trading platform incorporated in Britain.

If confirmed, it would be North Korea’s biggest-known cryptocurrency heist to target Britain. The pariah state has made billions in recent years stealing cryptocurrency to fund its military and nuclear programmes.

Lykke was founded in 2015 and operated from Switzerland but was registered in the UK. The company said last year that it had lost $22.8m (£16.8m) in Bitcoin, Ethereum and other cryptocurrencies, forcing it to halt operations.

In March a judge ordered the company to be liquidated after a legal campaign from more than 70 affected users.

North Korea was named as the potential hacker in a recent report by the Office of Financial Sanctions Implementation (OFSI), a branch of the Treasury.

“The attack has been attributed to malicious Democratic People’s Republic of Korea cyberactors, who stole funds on both the Bitcoin and Ethereum networks,” it said.

The Treasury said the OFSI did not reveal the sources of its information but that it worked closely with law enforcement.

Lazarus had been separately blamed for the attack on Lykke by Whitestream, an Israeli cryptocurrency research company.

It said the attackers had laundered the stolen funds through two other cryptocurrency companies notorious for allowing users to hide their tracks, and thus avoid money-laundering controls.

Other researchers have disagreed with the conclusions, saying it is not currently possible to determine who hacked the exchange.

Lykke was founded by Richard Olsen, a great-grandson of the Swiss banking patriarch Julius Baer, and offered cryptocurrency trading without transaction fees.

The company was run out of Zug in Switzerland’s so-called “crypto valley” but its corporate entity was registered in Britain.

In 2023, the Financial Conduct Authority issued a warning about the company, saying it was not registered or authorised to offer financial services for consumers in Britain.

Despite saying it would be able to return customers’ funds, it froze trading after the hack and officially shut down last December.

The company was liquidated in March following a winding up petition in the UK courts brought by a group of customers, who say they have lost £5.7m as a result of the company shutting down.

Interpath Advisory has been appointed to distribute the remaining funds to those who lost money. Its Swiss parent was placed into liquidation last year.

Mr Olsen was declared bankrupt in January and is the subject of criminal investigations in Switzerland, according to British legal filings. He did not respond to requests for comment.

Bern, 29.07.2025 — The Office of the Attorney General of Switzerland (OAG) has been conducting criminal proceedings since 2022 in the matter of a large-scale phishing series. Fake e-banking login pages had been used to defraud numerous Swiss bank customers, resulting in losses of around CHF 2.4 million. In this context, the OAG took over about thirty cases from the cantons. The investigations conducted by the OAG and fedpol led to the identification and location of the developer and distributor of phishing kit in the UK. The case was taken over by the British authorities, who were already conducting similar proceedings against the individual involved. He was sentenced by a court in the UK on 23 July 2025 to seven years imprisonment. This success demonstrates the importance of international cooperation in the fight against cybercrime.

In July 2022, the Office of the Attorney General of Switzerland (OAG) initiated criminal proceedings against persons unknown on suspicion of computer fraud (Art. 147 para. 1 in conjunction with para. 2 Swiss Criminal Code (SCC)) in connection with an extensive phishing series. Prior to this, several cantonal public prosecutor's offices had already initiated proceedings in around 30 cases in connection with the same matter, which the OAG subsequently took over and joined in its proceedings. In August 2023, following the identification of the developer and distributor of the phishing kit, criminal proceedings were extended to this person.

Real-time phishing on a grand scale

Between May 2022 and September 2022, unknown perpetrators created and used several fake login websites (phishing pages) for various Swiss banks, using what is known as a phishing kit. Bank customers who used Google Search to access their account ended up on the phishing pages posted as adverts and fell victim to the scam when they attempted to log into their supposed e-banking accounts. As a result, their e-banking access data were intercepted unbeknown to them, enabling the perpetrators to use the stolen access data to log into the victim's e-banking accounts and enable the two-factor authentication. The victims still believed that they were on the bank's real website and authenticated the login by entering the authentication code they received by text message on the phishing page. As a result, the perpetrators gained access to their authentication codes. This enabled them to successfully log into the victims' e-banking accounts and register an additional device with the bank to confirm two-factor authentication. The perpetrators were then able to log into the victims’ e-banking accounts without any further action by the victims and initiate payments without their knowledge or consent. The damage caused to the injured parties in the Swiss criminal proceedings amounts to CHF 2.4 million.

Successful cooperation with the UK, Europol and Eurojust

The intensive investigations conducted by the OAG and fedpol resulted in the identification and localisation of a British national who had developed and distributed the phishing kit. The OAG and fedpol's subsequent close cooperation with Europol, Eurojust and UK law enforcement authorities led to the arrest and prosecution in the UK of the developer and seller of the phishing kit. As the UK authorities were already conducting similar proceedings against this person, they took over the Swiss proceedings at the OAG’s request, continuing them in the UK. The OAG subsequently discontinued its criminal proceedings. On 23 July 2025, the perpetrator was sentenced in the UK to seven years imprisonment for his offences (press release from the Crown Prosecution Service). This success demonstrates the importance and effectiveness of international cooperation in tackling the fight against the ever-increasing cybercrime.

swissinfo.ch - Swiss defence ministry funds domestic satellites with eye on sovereign communications network.

The first test satellite from the Geneva-based company Wisekey has been flying over Switzerland three times a day since January, with more to follow.

The satellite is not much larger than a desktop computer – a gray box equipped with panels. Wisekey launched the first test satellite for the Swiss army in January from California on a launch vehicle from Elon Musk’s company SpaceX.

Company founder and CEO Carlos Moreira confirmed this to Swiss public broadcaster SRF. “The satellite belongs to us. We lease it to the Swiss army through a partnership,” Moreira said.

Moreira’s company has been working with the army for three years. The next satellite is scheduled to be launched in June, with five more to follow. “Every time the satellite flies over Switzerland, we conduct tests,” said Moreira.

Switzerland says a ransomware attack on the non-profit health foundation Radix that involved data being stolen and encrypted had also affected the federal administration.
The Radix Foundation, a not-for-profit organisation active in the field of health promotion, has been the victim of a ransomware attack, it was confirmed on Monday. The criminals stole and encrypted data, which they then published on the darknet.

The foundation contacted the National Cybersecurity Centre (NCSC) after carrying out an initial analysis of the situation, it announced on Monday. Radix’s clientele also includes various administrative units of the federal administration.

The aim is to determine which services and data are actually affected by the cyber attack. At no time were the hackers able to penetrate the systems of the federal administration, as the Radix Foundation itself does not have such direct access, the centre pointed out.

Roughly 16% of Swiss federal politicians had their official government email leaked on the dark web. This puts them at risk of phishing attacks or blackmail.

In the latest installment of our investigation into politicians’ cybersecurity practices, we found the official government email addresses of 44 Swiss politicians for sale on the dark web, roughly 16% of the 277 emails we searched. Constella Intelligence(new window) helped us compile this information.

Sharp-eyed readers might wonder why we searched for 277 email addresses if there are only 253 politicians between the Council of States, Federal Council, and National Council. The explanation is some politicians publicly share another email address along with their official government one. In these cases, we searched for both.

Since these email addresses are all publicly available, it’s not an issue that they’re on the dark web. However, it is an issue that they appear in data breaches, meaning Swiss politicians violated cybersecurity best practices and used their official emails to create accounts with services like Dropbox, LinkedIn, and Adobe, although there is evidence some Swiss politicians used their government email address to sign up for adult and dating platforms.

We’re not sharing identifying information for obvious reasons, and we notified every affected politician before we published this article.
Swiss politicians performed roughly as well as their European colleagues, having few fewer elected officials with exposed information than the UK (68%), the European Parliament (41%), and France (18%), and only slightly more than Italy (15%).

It should be noted that even a single compromised account could have significant ramifications on national security. And this isn’t a hypothetical. The Swiss government is actively being targeted on a regular basis. In 2025, hackers used DDoS attacks(new window) to knock the Swiss Federal Administration’s telephones, websites, and services offline. In 2024, Switzerland’s National Cyber Security Center published a report stating the Play ransomware group stole 65,000 government documents(new window) containing classified information from a government provider.

A cyberattack on the Zug-based procurement service provider Chain IQ apparently has far-reaching consequences for UBS: data from 130,000 employees, including the direct number of CEO Sergio Ermotti, is said to have ended up on the darknet.

A person has been arrested in Switzerland as part of a ccordinated raid on 270 dark web sites in ten countries.
The international raid, dubbed “RapTor”, dismantled networks trafficking drugs, weapons and counterfeit goods. The suspects were identified during the dismantling of the dark web markets Nemesis, Tor2Door, Bohemia and Kingdom Markets.

Many of them made thousands of sales on illegal markets using encryption tools and cryptocurrencies to cover their tracks.

Officers seized more than 180 firearms, over two tonnes of drugs and €184 million in cash and cryptocurrencies during the operation, which included arrests in ten countries, including Germany, France, Austria, Britain and the United States.

The number of reported cyber incidents and online threats in Switzerland rose sharply last year, according to the National Cyber Security Centre (NCSC).

Last year, almost 63,000 cyber-related incidents were reported to the National Cyber Security Centre (NCSC) in Switzerland, an increase of 13,500 cases over the previous year. Between July and December, the NCSC recorded more than 28,000 incidents, slightly fewer than in the first half of 2024.

Fraud, phishing and spam messages continue to be the most frequently reported incidents. The increase on the previous year is mainly due to the phenomenon of false calls in the name of the authorities, with almost 22,000 reports compared with around 7,000 the previous year.

On the other hand, the number of e-mail threats has dropped. Over the past four years, fraudsters have used the telephone more as a communication channel.

Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery.

Unbekannte sind in das Mailkonto von Säckelmeister Ruedi Eberle eingedrungen. Dank des Sicherheitssystems konnte eine Weiterverbreitung rasch unterbunden werden. Nach aktuellem Stand sind weder Daten verloren gegangen noch weitere Konten der kantonalen Verwaltung betroffen.

This follows a series of high-impact arrests targeting Phobos ransomware:An administrator of Phobos was arrested in South Korea in June 2024 and extradited to the United States in November of the same year. He is now facing prosecution for orchestrating ransomware attacks that encrypted critical infrastructure, business systems, and personal data for ransom.A key Phobos affiliate was arrested in Italy...

Thai police arrested four European hackers in Phuket who allegedly stole $16 million through ransomware attacks affecting over 1,000 victims worldwide. The suspects, wanted by Swiss and US authorities, were caught in coordinated raids across four locations.

Officers from Cyber Crime Investigation Bureau, led by Police Lieutenant General Trairong Phiwphan, conducted “Operation PHOBOS AETOR” in Phuket on February 10, arresting four foreign hackers involved in ransomware attacks. The operation, coordinated with Immigration Police and Region 8 Police, raided four locations across Phuket....

Four alleged European hackers have been arrested in Phuket for deploying ransomware on the networks of 17 Swiss firms. The suspects are accused of causing significant damage and stealing $16 million in Bitcoins from 1,000 global victims.

How Russian propaganda challenges Switzerland's neutrality, using disinformation to sway public opinion in the Ukraine war.

What do you do if a web address you printed on a physical flyer contains a typo, and you send that flyer to more than 100,000 households? Well, if you're

After federal police came to an employee’s house to ask questions, encrypted messaging company Session has decided to leave Australia and switch to a foundation model based in Switzerland.

Austrian security authorities have identified a Swiss man as the suspect in a series of emails containing bomb threats.

Extensive data leak in Switzerland: The Zurich-based asset manager Boreal Capital Management has been attacked by a hacker group, with data from around 700 current and former clients being stolen and published, according to media reports.

people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didnt expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously.

at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us.

half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here?

starting our descent