Svenska kraftnät has confirmed a data breach after hacker group Everest claimed to have stolen large amounts of data. The group is now demanding money to avoid leaking the information and has been linked to Russian cyber groups. The authority is investigating the scope without impact on the power system.
On Saturday, hacker group Everest announced it had targeted Svenska kraftnät, the state-owned entity responsible for Sweden's power system and crisis preparedness plans for electricity supply. The group, demanding ransom to withhold the stolen data, has set a countdown on the darknet ending next Saturday. This follows a typical ransomware pattern.
On Sunday, Svenska kraftnät confirmed the breach. 'We are now investigating what information has leaked and how it may affect us. We see no indications that the power system is affected,' said Cem Göcgören, the agency's information security chief, in a press release. The breach has been reported to police, and Svenska kraftnät is collaborating with other authorities.
Everest previously claimed responsibility for a September cyberattack that disrupted several European airports. The group's methods resemble those of Russian hacker groups, according to a report from the U.S. Department of Health's cybersecurity center. Expert Karl Emil Nikka cautions, however: 'This could be an international group operating worldwide. What we know is only that there are links to previous Russian groups. That does not mean they are related to the Russian state in any way.' He suggests the motive is likely financial but does not rule out others, given the group's attacks on the health sector and aviation systems.
Energy and Business Minister Ebba Busch (KD) wrote on X: 'We are in close contact with the authority.' Experts advise against paying ransom, as the damage is already done once data falls into criminal hands.