The Swiss government has confirmed that sensitive information from several federal offices may have been exposed after a ransomware attack targeted Radix, a third-party organization based in Zurich.
Hackers broke into Radix’s systems, stole data, and later published it on the dark web. Authorities are now working with the National Cyber Security Centre to understand which offices were affected and how serious the damage is.
The government said Radix, a non-profit organization involved in health projects, was attacked by a ransomware group called Sarcoma. This group encrypted and stole data from Radix’s systems. Radix works closely with Swiss federal and local government bodies, so the incident has raised major concerns.
The attack happened on June 16, 2025. Sarcoma is a relatively new but active ransomware gang that first appeared in late 2024 and quickly became known for aggressive attacks. One of their previous high-profile targets was a large electronics company named Unimicron. Sarcoma hackers are known to break into systems using phishing emails, old security flaws, and supply chain weaknesses. Once inside, they take control of systems using remote desktop access and move across networks to steal and sometimes encrypt sensitive data.
On June 29, after what appears to be failed extortion efforts, Sarcoma released 1.3 terabytes of stolen Radix data on the dark web. The leaked files include scanned documents, financial records, contracts, and internal messages. The data is now being shared for free online.
Radix says it has informed those directly affected and believes there is no proof that sensitive information from its partners was included in the leak. However, it is warning people to stay alert for phishing attempts or identity theft. It advised anyone potentially impacted to keep an eye on their accounts, avoid clicking on suspicious links, and be careful with emails asking for personal or financial information.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
The National Cyber Security Centre has not yet shared further details, but the investigation is ongoing. This is not the first time a third-party breach has affected the Swiss government. In March 2024, a similar incident involved another service provider, Xplain, which was attacked by the Play ransomware group. That attack led to the leak of around 65,000 documents from federal offices, many of which contained private data.
