
Cyber Incident Victim: Borgholm

Date: Dec 2022

Location: Sweden

Summary

A cyberattack targeting municipalities in Kalmar län prompted an internet traffic shutdown for Borgholm and Mörbylånga to contain the breach, disrupting email systems and Mörbylånga's website. Data exfiltration occurred, though specifics remained unclear initially. Critical services including healthcare shifted to manual operations, while utilities and alarm systems appeared functional. IT teams focused on securing infrastructure and patching vulnerabilities, with recovery anticipated to span multiple days. Municipal companies like Borgholm Energi also experienced outages, limiting digital communications and phone accessibility as a precautionary measure.

Description

On December 12, 2022, Borgholm Municipality in Kalmar län, Sweden, experienced a cybersecurity incident after receiving an external warning about suspicious activity in its IT systems. Authorities contacted the municipality regarding potential unauthorized access, though the specific nature of the intrusion remained unclear during initial assessments. Jens Odevall, a municipal representative, confirmed coordination with an unnamed state agency but disclosed no definitive conclusions about whether the incident constituted ransomware, sabotage, or another threat vector. Preliminary analysis indicated data exfiltration had occurred, but officials could not identify the compromised data types at the onset. In immediate response, Borgholm and neighboring Mörbylånga Municipality severed all inbound and outbound internet traffic to isolate their networks. This containment measure disabled Mörbylånga’s public website and disrupted email systems across both municipalities, though Borgholm’s externally hosted website remained accessible.

The network disconnection impacted multiple internal systems, with full operational disruptions becoming apparent throughout the morning. Municipal services adopted contingency protocols, particularly in healthcare and social welfare, where staff reverted to manual procedures for critical operations—including overriding nonfunctional keyless entry systems. Utilities such as water and electrical infrastructure underwent verification checks but showed no overnight service interruptions, while safety alarm systems reportedly remained operational. Borgholm Energi, a municipal utility company, publicly acknowledged system unavailability due to precautionary IT shutdowns, limiting email and phone communications. IT teams prioritized vulnerability remediation and system hardening with external support, estimating recovery efforts would span several days. No external parties beyond municipal operations were confirmed affected, with response efforts focused exclusively on securing core services against further compromise.
