Swedish government agencies and businesses grappled with disruptions in their online services following a ransomware attack attributed to a Russian hacker group, according to IT consultancy Tietoevry.
Tietoevry's Data Centers
AFP reported that the attack targeted one of Tietoevry's data centers in Sweden, causing significant impact across various sectors, including online purchases at major establishments like the country's largest cinema chain and several department stores.
The centralized human resources system utilized by Sweden's national government service center was also compromised, rendering it impossible for public sector employees to declare overtime hours, sick leave, or holiday requests.
The severity of the attack prompted Tietoevry to issue a statement saying that the restoration process might extend over several days or even weeks.
The company estimated that approximately "120 government agencies and more than 60,000 employees" were impacted by the cyber assault. While Tietoevry refrained from providing specific details about a ransom demand, the company did file a police complaint about the attack.
Ransomware attacks typically involve cybercriminals gaining access to vulnerable computer systems, encrypting or stealing data, and subsequently issuing a ransom note demanding payment in exchange for decrypting the data or refraining from releasing it publicly.
The finger-pointing at the Russian hacker group Akira has underscored the need for international cooperation in addressing cyber threats and holding perpetrators accountable.
In response to the incident, Sweden's Civil Defence Minister, Carl-Oskar Bohlin, emphasized the importance of making cybersecurity a priority for both the public and private sectors. In a message on X, formerly known as Twitter, Bohlin said, "Cybersecurity must be a priority for all of society, both the public and private sector."
He also revealed the government's intention to thoroughly evaluate the incident once the operational phase is over, signaling the significance of learning from such incidents to enhance cybersecurity measures.
Margareta Palmqvist, the head of information security at the Swedish Civil Contingencies Agency (MSB), highlighted the rapid digitalization in Sweden but noted that sufficient investments in cybersecurity had not kept pace.
Palmqvist also cited the significance of taking proactive measures to boost cybersecurity preparedness, underscoring the importance of readiness and preventive efforts.
Microsoft Emails Hacked
In related news, Microsoft reported that a hacking group identified as Midnight Blizzard or Nobelium, associated with Russian intelligence, compromised the email accounts of prominent Microsoft personnel and other staff. Microsoft said the hacking group was the same entity behind the 2020 SolarWinds cyberattack.
Nobelium, affiliated with Russia's Foreign Intelligence Service (SVR), accessed a non-production test tenant account in late November 2023, compromising specific emails and attached documents. Microsoft detected the attack last January 12.