The darknet, also known as the dark web, is a concealed section of the internet that's inaccessible via standard search engines. You can only access it using special software, settings, or authorization. This area comprises websites and content that are purposely kept hidden from public view.
Accessing darknet requires using Tor Browser, a special web browser that routes your internet traffic through a global network of relays managed by volunteers. This way, it becomes very difficult to trace which websites you're visiting, and these sites won't know where you are located.
When visiting the dark web, use a secure browser like Tor, do not reveal any of your personal information, and don't open suspicious files or links to stay safe.
The Darknet is often utilized for secure communication, discreet information or file sharing, anonymous research without identity exposure, and occasionally for engaging in illicit activities. It is also recognized for hosting underground black markets(darknet markets), whistleblowing platforms, and discussion boards that champion freedom of speech.
While accessing Darknet Markets themselves is typically not against the law in most places, engaging with illicit goods within them is generally considered a crime. On the other hand, some people might visit Darknet Markets for lawful purposes such as research, journalistic work, or simply to explore online communities. It's essential to know the local laws regarding online activities, and be cautious when using these platforms to avoid any potential issues.
Swiss Government Data Leaked On Darknet After Xplain Ransomware Attack
Swiss government data may be on the darknet. This follows a ransomware attack on software provider Xplain. The company has blamed the ransomware group Play for the breach. Xplain, however, will not comply with the ransom demand. Xplain, based in Bern, Switzerland, provides IT services to the Swiss Army and various government agencies.
Recent Swiss Cyberattack: Government Data Exposed Post-Xplain Breach
Swiss authorities have initiated an investigation into the cyberattack targeting Xplain earlier this week. The company reported that the initial attack occurred on Saturday and was attributed to the Play group. Initially, officials denied any government data was compromised. However, authorities in Zurich now acknowledge that it may have appeared on the darknet.
A government statement released on Thursday noted: “Xplain, a Swiss provider of government software, has fallen victim to a ransomware attack. After the data was encrypted and the company was extorted, the attackers have made some of the stolen data available on the darknet.
“Contrary to the initial assessments, it seems that operational data belonging to the federal administration might also be affected. Further investigations are currently ongoing.”
Xplain is firmly rejecting any communication with the ransomware operators and has opted not to pay the ransom. The company has informed Switzerland's National Cybersecurity Centre.
Tech Monitor has reached out to Xplain for comments but has not yet received a response.
Background on the Play Ransomware Group
Play emerged as a notable ransomware group last year, renowned for its "big game hunting" methodology, whereby it targets specific victims to extract credentials and sensitive information that could be leveraged to access other companies' systems.
The group's tactics are comparable to those employed by the infamous Hive ransomware team, leading researchers to speculate that Play may be operated by the same individuals.
Earlier this month, Play compromised Spanish Bank GlobalCaja, claiming to have acquired sensitive personal and private information, though no ransom has been reported as paid. Also, the group targeted the US cities of Lowell and Dallas. They leaked 5GB of data from Lowell and disrupted several local government systems.
Ransomware Incidents in Switzerland
This attack isn’t Play’s first foray into Switzerland’s cyber landscape. Earlier this year, Play targeted the newspaper group Neue Zürcher Zeitung (NZZ), demanding ransom to prevent data disclosure on the darknet.
In May, subscribers to the Blick and SonntagsBlick newspapers, which are part of NZZ, were alerted about potential data compromises due to the attack. CH Media, another newspaper group that relies on NZZ for IT services, confirmed that data was also stolen during this incident.
As a direct consequence of the breach, three regional publications—Aargauer Zeitung, Luzerner Zeitung, and St. Galler Tagblatt—had to temporarily suspend various sections of their newspapers. Following the attack, Play published approximately 500 GB of stolen data from the NZZ group, which included employee information.