The canton of Bern-based laboratory was apparently targeted for its role in the investigation into the Skripals’ poisoning in the UK.
The former Russian double agent Sergei Skripal and his daughter were poisoned with the Novichok nerve agent in the British town of Salisbury on March 4th, 2018. The attack has been widely attributed to the Russian government, which continues to deny any involvement.
The Spiez Laboratory had been analyzing the nerve agent involved in that attack, thus attracting Moscow’s attention, according to a report in Swiss newspaper Sonntags Blick.
The hackers, said to be from the Russian government-affiliated group Sandworm, posed as the laboratory’s organizing committee and circulated a word document with instructions for a forthcoming conference on chemical weapons in September. The cyber criminals used a fake email address and targeted the chemical weapons experts invited to the conference.
“Someone posed as the Spiez Laboratory,” Kurt Münger of the Federal Office for Civil Protection told the daily. “We immediately informed the conference invitees that the document was not ours. And pointed to the danger.”
The Sandworm hack caused limited damage. “The laboratory itself has not registered any outflow of data,” Münger confirmed.
The Spiez Laboratory’s 99 staff members “advise national authorities and international organizations in implementing and developing arms control and non-proliferation agreements,” according to the agency’s web page on Switzerland’s Federal Office for Civil Protection. The laboratory is also “involved in international missions relating to arms control and environmental protection.”
The experts also “provide services relating to arms control, protection measures, health and incident management for international organizations, authorities and the general population.”
This isn’t the first time an agency based in Switzerland has been targeted in 2018, however. The International Olympic Committee (IOC) was allegedly hacked earlier this year, as were Swiss IT companies, according to the same report.
German media houses ZDF and WDR were also recently targeted with fake Word documents purporting to offer employees of the news organizations information on Internet security, according to German news site Spiegel Online.