
Cyber Incident Victim: Kalmar kommun

Date:

Feb 2024

Location:

Sweden

Summary

Kalmar kommunkoncern experienced a cyberattack attributed to the Russian group Akira, prompting internal system shutdowns and a police report. While critical infrastructure such as alarms, medical systems, and elevators remained unaffected, employees shifted to cloud-based workarounds. Most operations continue with adjustments, though e-services and specific platforms like Edlevo faced disruptions. The organization remains in a heightened security posture, anticipating prolonged recovery efforts.

Description

On February 6, 2024, Kalmar kommunkoncern experienced network disruptions prompting an immediate shutdown of internal systems as a precautionary measure. Initial investigations led the organization to classify the incident as a suspected cyberattack, though critical infrastructure including safety alarms, medical cabinets, and elevators remained operational. Communication chief Nico Werge confirmed employees transitioned to cloud-based services to maintain workflow continuity while internal systems remained offline. By 11:25 that day, officials publicly confirmed the IT attack, noting that many core systems remained secure but access to critical applications required further assessment. The municipality activated its crisis management protocol, operating under the assumption that recovery efforts would extend through the week.

Kalmar kommun initiated police reporting procedures regarding the attack by 17:55 on February 6, while maintaining most operations through procedural adjustments. Standard communication channels such as telephones and email functioned normally, but e-services platforms and the Edlevo system experienced disruptions. Internal investigations focused on mapping system accessibility and containing the incident’s scope, with officials emphasizing that the majority of IT infrastructure was unaffected. The Russian cybercriminal group Akira was identified as the suspected perpetrator, based on attack characteristics matching their recent compromise of Tietoevry’s data center infrastructure. Ongoing updates indicated sustained operational limitations with no specified resolution timeline, though organizational functions continued under modified workflows.
