Swissmem Hit by Ransomware: 456GB of Data at Risk

In a significant cybersecurity breach, Swissmem, Switzerland’s leading association for the mechanical and electrical engineering industries, has been targeted by the Hunters International ransomware group. The attackers claim to have exfiltrated approximately 456 GB of sensitive data, including technical specifications, financial records, and confidential details of member organizations. If their ransom demands are not met, they threaten to release this data within the next 4–5 days.
This cyberattack underscores the growing vulnerabilities within Switzerland’s industrial sector, with reports indicating that 70% of companies in this sector have faced cyberattacks in the last two years. The breach raises urgent concerns about industrial espionage, business continuity, and national cybersecurity resilience.
The rise in ransomware attacks isn’t surprising, considering that ransomware source code is now being sold on underground hacking forums. Read more about a recent case where INC ransomware’s source code allegedly went up for sale on the dark web: INC Ransomware Source Code Up for Sale on Hacking Forums.
Hunters International: A Rising Cyber Threat
Active since late 2023, Hunters International has quickly established itself as a formidable ransomware-as-a-service (RaaS) operation. Cybersecurity researchers link this group to the remnants of the notorious Hive ransomware group, which was dismantled by international law enforcement.
The group’s tactics have evolved significantly, focusing on double extortion—where they not only encrypt critical systems but also exfiltrate sensitive data, using the threat of exposure as additional leverage.
Notable Attacks by Hunters International
Hunters International has been responsible for several high-profile cyberattacks, including:
- The U.S. Marshals Service – resulting in significant operational disruption.
- Industrial and Commercial Bank of China (ICBC) – one of the world’s largest banks.
- Schlatter Group – a major manufacturing conglomerate.
Now, with Swissmem as their latest victim, Switzerland’s engineering and manufacturing sector faces a serious cybersecurity reckoning.
How the Attack Was Executed
According to cybersecurity experts, Hunters International likely exploited known vulnerabilities in public-facing servers, particularly targeting Oracle WebLogic software. Once inside, they deployed their Rust-based ransomware payload, which is designed to:
- Evade traditional security solutions through obfuscation techniques.
- Disable security protections such as Windows Defender and endpoint detection and response (EDR) systems.
- Exfiltrate data before encryption to pressure victims into paying the ransom.
Once access was established, the attackers used tools like Impacket to escalate privileges, allowing them to move laterally across Swissmem’s network, ultimately leading to full system compromise.
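The sequence described above (security protections disabled, then data exfiltrated before encryption) gives defenders a correlation to hunt for: a host that loses Defender protection and then sends an unusual volume of data outbound. The Python below is an added example, not part of the original article or of any vendor's tooling; the event tuples, host names, time window and byte threshold are constructed assumptions, and "defender_5001" stands for Microsoft Defender event ID 5001 (real-time protection disabled).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the incident): host, ISO time, kind, value.
# "defender_5001" = Microsoft Defender event ID 5001 (real-time protection disabled).
# "egress" rows carry outbound bytes to external addresses from a flow summary.
SAMPLE_EVENTS = [
    ("app-01", "2025-01-10T01:12:00", "defender_5001", 0),
    ("app-01", "2025-01-10T01:40:00", "egress", 6 * 1024**3),
    ("app-01", "2025-01-10T02:25:00", "egress", 9 * 1024**3),
    ("ws-17", "2025-01-10T03:00:00", "egress", 12 * 1024**3),   # large, but no tamper event
    ("ws-22", "2025-01-10T04:00:00", "defender_5001", 0),
    ("ws-22", "2025-01-10T04:30:00", "egress", 200 * 1024**2),  # tamper, but small egress
    ("db-03", "2025-01-09T08:00:00", "egress", 20 * 1024**3),   # egress precedes tamper
    ("db-03", "2025-01-10T09:00:00", "defender_5001", 0),
]


def flag_tamper_then_egress(events, window=timedelta(hours=6), min_bytes=10 * 1024**3):
    """Return {host: bytes} for hosts whose outbound volume within `window`
    after a Defender-disabled event reaches `min_bytes`."""
    tamper, egress = defaultdict(list), defaultdict(list)
    for host, ts, kind, value in events:
        when = datetime.fromisoformat(ts)
        if kind == "defender_5001":
            tamper[host].append(when)
        elif kind == "egress":
            egress[host].append((when, value))

    flagged = {}
    for host, times in tamper.items():
        for start in times:
            # Sum only the egress that falls inside the window after this tamper event.
            total = sum(b for when, b in egress[host] if start <= when <= start + window)
            if total >= min_bytes:
                flagged[host] = max(flagged.get(host, 0), total)
    return flagged


if __name__ == "__main__":
    for host, total in flag_tamper_then_egress(SAMPLE_EVENTS).items():
        print(f"{host}: {total / 1024**3:.1f} GiB outbound within 6h of Defender being disabled")
```

Neither signal is conclusive on its own; the ordering is what matters, which is why the host with heavy egress before the tamper event and the host with tampering but little egress are not flagged.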
A 2024 cybersecurity survey found that 43% of Swissmem’s members lack dedicated incident response teams, further exacerbating the sector’s vulnerabilities to sophisticated cyber threats.
Impact on Swiss Industry and Economy
Switzerland’s $250 billion engineering sector plays a crucial role in the national economy, accounting for 32% of the country’s total exports. The leaked data could include:
- Blueprints for precision machinery, potentially benefiting competitors.
- Client contracts and negotiations, which could lead to financial losses.
- Export control documents, raising regulatory and compliance concerns.
If this data is published, it could compromise Switzerland’s industrial competitiveness, leading to:
- Intellectual property theft, weakening Swiss innovation.
- Loss of client trust, impacting long-term business partnerships.
- Regulatory investigations, creating legal and financial liabilities.
While Swissmem has yet to confirm the full operational impact, the cyberattack has sent shockwaves through Switzerland’s industrial and cybersecurity communities.
As ransomware attacks become more frequent and sophisticated in 2024, businesses must rethink their cybersecurity strategies. Learn about the biggest cybersecurity threats of 2024 and how companies can stay protected: Cybersecurity in 2024.
What Comes Next? Swissmem’s Response and Industry Precautions
With the ransom deadline fast approaching, Swissmem now faces a crucial decision:
- Negotiate with the cybercriminals and potentially set a dangerous precedent.
- Refuse to pay and risk catastrophic data leaks.
Cybersecurity analysts warn that paying the ransom does not guarantee safety, as many ransomware groups sell stolen data on dark web forums, even after payment.
A Wake-Up Call for Switzerland’s Industrial Sector
The Swissmem ransomware attack is a harsh reminder that no industry is immune to cyber threats. As Hunters International and other ransomware groups refine their tactics, Switzerland’s engineering and manufacturing giants must prioritize cybersecurity to protect their intellectual property, financial assets, and industry reputation.
With the clock ticking and Hunters International poised to release the stolen data, Swissmem must act decisively. This attack will likely serve as a catalyst for stronger cybersecurity regulations and collaborative defense strategies among Switzerland’s leading industrial firms.
Switzerland has long been a leader in precision engineering and innovation—now, it must prove that it can also lead in cybersecurity resilience.