Attack on defense contractor Ultra I&C leaks military details


Ultra Intelligence & Communications (I&C), a subsidiary of British defense and security company Ultra, was claimed by the ALPHV ransomware gang. The Swiss Ministry of Defense confirmed to Cybernews that the attack exposed some of its data.

Ultra I&C was posted on ALPHV’s dark web blog, which the gang uses to showcase its latest victims. According to the crooks’ post, the gang exfiltrated 30GB of data.

We contacted Ultra I&C for comment but did not receive a comment before publishing.

ALPHV's post lists the wide variety of data supposedly stolen from Ultra I&C, including audit data, financial data, and employee data. The attackers claim that the stolen data includes information relating to the FBI, NATO, Switzerland, Israel, and several defense companies.

Data samples that the attackers included in the dark web blog post include several contracts with defense companies and the US Military. Switzerland's Federal Department of Defense reportedly confirmed the data breach impacted the Swiss Air Force, and Ultra I&C has informed the government about a ransomware attack.

The Swiss Department of Defense, Civil Protection and Sport (VBS) confirmed to Cybernews that Ultra I&C indeed informed Switzerland's Federal Office for Defense Procurement (Armasuisse) and Gruppe Verteidigung, VBS's department for the administration of the Swiss Army.

"VBS takes incidents of this kind very seriously. For this reason, the incident is being investigated in detail. The investigations are currently ongoing. However, based on the findings so far, it can be stated that the army's operational systems are not affected by the ransomware attack. To date, commercial data has been published," VBS told Cybernews.

The ministry explained that its systems are not based on one system or contractor, which allows its IT systems to be protected separately. Meanwhile, the relevance of the data published on ALPHV's leak site is being evaluated.

Ultra I&C provides defense sector companies with military and intelligence encryption and communication services, which could make the leak damaging to the companies and organizations involved.

ALPHV has become one of the most prominent ransomware cartels of recent years. Most notably, the gang was behind the September ransomware attacks on the Las Vegas casino giants MGM Resorts and Caesars International, which are rumored to have paid a $15 million ransom to keep operations running.

However, in late 2023, the feds seized some of ALPHV's infrastructure and released a decryptor to combat the gang's malware.

A decryptor serves as a key to a ransomware gang's malicious software, the ransomware itself, which encrypts files on the victim's system and, in some cases, backups.

Updated on January 10th [08:50 AM GMT] with a statement from VBS.