Rules Navigator

“Sweden is under attack” PM says after thousands of cyberattacks

Ulf Kristersson Prime Minister of Sweden.
Ulf Kristersson Prime Minister of Sweden. Photo: Pier Marco Tacca/Getty Images

Martina Lindberg

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Actions directed at Sweden are increasing and becoming more intense and complex.

Multiple organizations in Sweden have been victims of thousands of targeted cyberattacks during the last few days, leading Prime Minister Ulf Kristersson to declare “Sweden is under attack.”

Some of the targets included SVT (the Swedish public service television company), essential services such as banking apps Swish and BankID, and the Public Employment Service (Arbetsförmedlingen).

“What we have seen before has been more random with, for example, municipalities that have been affected. Now it feels more like we are under a targeted attack.”

Måns Jonasson, internet expert at the Internet Foundation

The organizations experienced Distributed Denial of Service (DDos) attacks, where some of their services stopped working due to the traffic overload. So far, the attacks have only been focusing on overloading services, and no data or information has been stolen.

Targeted attacks

Mikael Frisell, the Director General of the Swedish Civil Contingencies Agency (MSB), told SVT that the number of attacks on Sweden has not only increased but has also become more intense and complex.

“They are more and more difficult to handle. It is also very difficult to see who is sending or carrying out the attack,” Frisell said.

According to Måns Jonasson, internet expert at the Internet Foundation, these latest attacks stand out from the earlier attacks on random targets. “There have been a lot of attacks in a short time, against large institutions and well-chosen targets it seems. What we have seen before has been more random with, for example, municipalities that have been affected. Now it feels more like we are under a targeted attack.”

Last year, Sweden experienced many cyberattacks on various organizations with cyber actors linked to Russia. This could have been a response to Sweden joining the North Atlantic Treaty Organization (NATO).

Then, the pro-Russian hackergroup NoName057 took credit for carrying out overflow attacks which successfully shut down government websites, including Integrationsmyndigheten (the Swedish Authority for Privacy Protection) and Konkurrensverket (Swedish Competition Authority), and attacks on Riksgälden, (Swedish National Debt Office), and ISP (Inspectorate of Strategic Products).

Another hacker group, Medusa, stole 60,000 documents from a private clinic, Sofiahemmet, in Stockholm and threatened to leak them unless they were paid $1m.

During 2024, Bjuv’s municipality was also hacked in a ransomware attack. The hackers threatened to leak stolen information such as secret documents, contracts, and personal files on the Darknet.

Another attack was on Mediplast, a supplier of medical technology products. The 8Base ransomware group is said to have stolen invoices, receipts, accounting documents, personal data, certificates, employment contracts, confidentiality agreements, personal files, and more.

The attack on Mediplast also affected a large number of the company’s customers, and made Sweden’s four regions – Västerbotten, Sörmland, Blekinge and Uppsala – activate crisis management protocols.

No actor responsible for these latest attacks has been found or taken credit for them. The Swedish Security Service (Säpo) has previously said that Russia, China and Iran are actors engaged in this type of activity.

, , ,

You may also like