A threat actor has claimed to have leaked the source code and other sensitive material related to a Swedish e-government platform, prompting an investigation by Swedish authorities and a response to the incident by CGI Sverige.
Cybersecurity accounts at X and local media reported on Thursday that a threat actor known as ByteToBreach had released material it said came from CGI Sverige, the Swedish subsidiary of global IT giant CGI Group, and Sweden’s e-government infrastructure, according to local news outlet Aftonbladet.
CGI told Aftonbladet that its cybersecurity team discovered an incident involving two internal test servers in Sweden that were not being used in production. The company said an older version of the program and its source code were available, but there was no indication that customers’ production data or operational services were affected. CGI press secretary Agnetha Hansson confirmed to reporters that authorities are investigating the leak.
According to Eurostat, about 95% of Sweden’s 10.7 million population will have used e-government services in 2024.
Exposed files may include source code and platform configuration files, internal employee databases, citizen identity databases, electronic signature documents, and other sensitive data.
Cointelegraph contacted CGI Group and Sweden’s national IT incident center, CERT-SE, for comment on the reported leak.
Sweden’s Minister of Civil Defense confirmed the cyber security incident
However, Swedish Civil Defense Minister Karl-Oscar Böhlin confirmed the leak and said the government was working with CERT-SE and the National Cyber Security Center to identify the culprits.
IT security expert Anders Nilsson confirmed that the hacked resources appear to be genuine. “The source code for several programs is available, and from what I can see, the hack appears to be genuine,” Nilsson wrote in an email to SVT.
related to: SlowMist introduces the Web3 security stack for autonomous AI agents
Hackers are targeting infrastructure in Sweden and Europe
Hackers across Sweden and Europe are increasingly targeting public cyber infrastructure, threat intelligence platform Threat Landscape has warned.
“This is not an isolated incident,” the platform said in a report on Thursday.
“ByteToBreach is the same actor responsible for the Viking Line breach that was released just a day ago, and suggests an ongoing campaign targeting Swedish and European infrastructure via CGI managed services.”
related to: French couple robbed of $1 million in bitcoins by criminals posing as police
The threat actor claimed to have leaked the full code of the e-government platform and shared numerous supporting materials.
Threat intelligence researchers said that if attackers use the leaked code or documents to identify vulnerabilities in public-facing systems, even if the full content of the dump has not been independently verified, there could be further risk.
Magazine: Meet the onchain crypto detectives who fight crime better than the police
