Cyber Incident Victim: Surahammars kommun
Date: Nov 2024
Location: Sweden
Summary
A phishing attack targeted Surahammars kommun, involving a malicious email distributed from an employee's account to approximately 600 recipients. The email contained a link directing users to a fraudulent login page designed to harvest credentials, aiming to compromise user accounts. The municipality responded swiftly, initiating incident management procedures and reporting the incident to law enforcement and CERT-SE. This event underscores the broader risk of credential theft through deceptive communications.
Description
On Monday, November 25, 2024, Surahammars kommun experienced a cyberattack involving a phishing campaign originating from a compromised employee email account. The attack distributed a malicious email to approximately 600 recipients; the email contained a link to a fraudulent login page designed to harvest user credentials. This phishing attempt aimed to deceive recipients into submitting their login information, enabling attackers to hijack user accounts. The municipality detected the incident promptly and initiated response protocols the same day. Officials characterized the event as a deliberate attempt to compromise personal credentials through social engineering rather than a technical system breach.

Surahammars kommun activated its incident response procedures immediately upon discovery, engaging in containment efforts and forensic analysis. The incident was reported to law enforcement authorities and CERT-SE, Sweden’s national computer security incident response team, as part of standard breach notification protocols. Internal communications emphasized heightened vigilance regarding unsolicited messages containing links or requests for sensitive actions. While the attack’s direct operational impact remained confined to the phishing campaign’s distribution scope, the municipality reinforced security awareness by advising recipients to scrutinize unexpected communications through a four-step protocol: pausing before reacting, verifying message legitimacy, consulting colleagues or supervisors when uncertain, and reporting or deleting suspicious messages without interacting with embedded links. No additional technical compromises or data exfiltration beyond the credential-harvesting attempt were disclosed in public statements.
