Around 60,000 employees affected, 120 administrations affected: a large-scale cyber attack has been disrupting Sweden for several days. A data center belonging to the Swedish-Finnish IT services group Tietoevry was the target of attacks overnight from last Friday to Saturday. Cinemas, department stores and other stores… It is impossible for Swedes to shop online in certain stores and a return to normality could ” take weeks “, indicated the targeted company on Monday night.
“ Depending on the nature of the incident and the number of specific customer systems to be restored, the recovery process may take several days or even weeks », Explained in a statement the Tietoevry group, which provides security solutions for companies in particular.
The centralized human resources system used by the Scandinavian country’s administrations (Statens Servicecenter) was also paralyzed, with public employees unable to take vacations, declare overtime worked or sick leave. “ 120 administrations and almost 60,000 employees » are victims of this cyber attack, Caroline Johansson Sjöwall, spokeswoman for Statens Servicecenter, told AFP.
Behind this attack: the Akira hacker group, which has ties to Russia. At least that’s what Tietoevry and several computer security experts say. Their reason? It is more likely to make money by blackmailing data, Henrik Ryttergard, an IT security expert at Combitech, told public television SVT.
Furthermore, this week the Turkish parliament is expected to vote on Sweden’s membership in NATO. It is recalled that Sweden and Finland began, in response to Russia’s invasion of Ukraine almost two years ago, a process of joining the political-military organization. Finland was admitted last April. After ratification by Turkey, Hungary would remain the last obstacle to the Scandinavian country’s accession process.
Strengthening cybersecurity in the country
Sweden is an advanced country in the digital field. Cybersecurity is even a vital issue:
“ Cybersecurity must be a priority for society as a whole, both in the public and private sectors. Once the operational phase has been completed, the government intends to bring together all the actors involved, (…) in order to evaluate this incident in depth », Civil Defense Minister Carl-Oskar Bohlin reacted on X (formerly Twitter).
The Swedish Civil Protection Agency (MSB), in turn, explained that it saw this weekend’s event as a warning. “ Sweden has digitized quickly, but has generally not invested as much time and resources into cybersecurity », explains Margareta Palmqvist, manager at MSB. “ The important thing, therefore, is to prepare, work preventively (…) to be ready when the incident occurs », he adds, quoted by the TT agency.
Multiplication of Russian attacks
Russian cyberattacks have recently increased against countries and companies around the world. In November 2022, Australian private health insurance group Medibank was targeted by hackers during a high-profile cyberattack. Hackers gained access to the medical data of around 9.7 million patients, including that of Australian Prime Minister Anthony Albanese. This is one of the worst data thefts ever recorded in the country.
Hackers linked to Russian intelligence services also hacked emails from senior Russian executives. Microsoft, according to a court document filed by the American IT giant. The company’s security team detected the latest attack on January 12, triggering defenses that blocked further access by hackers. According to Microsoft, the author of the cyber attack is “ Midnight Blizzard », a group that works together with Russia’s foreign intelligence services, according to Washington and London. It would primarily target states, diplomatic entities, non-governmental organizations and IT service providers in the United States and Europe.
Cyberattacks: Mainly a question of espionage
Cyberattacks around the world are, however, less destructive and more focused on espionage operations, in the wake of the war in Ukraine and the hardening of global geopolitics, points out a Microsoft report published in October 2023. Activists supported by Moscow and Tehran “ increased their collection capacity » information, specifies the document, noting that “Nearly 50% of observed Russian destructive attacks against Ukrainian networks occurred in the first six weeks of the war » before refusing.
The American Internet giant highlights the growing link between cyber operations and propaganda. With the aim of “ manipulate global and national opinions to weaken democratic institutions » from its opponents, in particular by exploiting existing social fractures. In this regard, the expansion of Russian cyber activities suggests that “ any government (…) or essential infrastructure of a country that provides political, military or humanitarian assistance to Ukraine » runs the risk of being targeted. Although 48% of Russian attacks were aimed at targets in Ukraine, a third of them were directed against NATO countries, including the United States, Britain and Poland.
The report finally warns of growing coordination between States and “ hacktivists » as the conflict in Ukraine progresses and the global proliferation of non-state actors she describes as “ cyber mercenaries “. “The massive growth of this market represents a real threat to democracy, global stability and the security of the online environment “, he points out.