Cyber Incident Victim: Riksdagen
Date:
Apr 2024
Location:
Sweden
Summary
Sweden's parliament experienced a distributed denial-of-service (DDoS) attack that disrupted access to its website, causing partial outages and persistent slowness, which hindered public access to webcasts and online services. The incident coincided with high-level Nordic-Ukrainian diplomatic meetings, occurring amid heightened cybersecurity concerns following the country's NATO application in response to Russia's invasion of Ukraine. Parliamentary officials confirmed the attack's nature and ongoing restoration efforts but could not estimate full recovery timelines, noting the attack's characteristic use of high-volume traffic to overwhelm servers—a common tactic among hacktivist groups.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 30, 2024, Sweden’s parliament (Riksdagen) reported a distributed denial-of-service (DDoS) attack targeting its official website. The attack caused partial outages beginning on Tuesday, April 29, with lingering disruptions persisting into Wednesday. Parliamentary spokespersons confirmed the incident as a deliberate DDoS operation, characterized by high volumes of malicious traffic directed at the site’s servers. This led to significantly degraded performance, including slow page-load times and intermittent failures in accessing live webcasts of parliamentary proceedings. Technical teams conducted analyses that definitively attributed the disruptions to the attack. Restoration efforts commenced immediately but remained ongoing at the time of reporting, with no estimated timeline for full recovery. The attack coincided with a planned meeting in Helsinki between Swedish Prime Minister Ulf Kristersson, other Nordic leaders, and Ukrainian President Volodymyr Zelenskiy, though no direct link between the events was established in official statements.
The incident occurred against a backdrop of heightened cybersecurity concerns for Sweden following its application for NATO membership in May 2022, a decision prompted by Russia’s full-scale invasion of Ukraine. Swedish authorities had previously warned of increased cyber threats targeting national infrastructure and government entities. While the parliament’s spokespersons did not attribute the DDoS attack to a specific actor, they acknowledged the unsophisticated yet disruptive nature typical of “hacktivist” operations. No data breaches or compromises beyond the temporary service degradation were reported. Parliamentary operations unrelated to the public website continued unaffected. The response focused on mitigating the traffic surge and restoring public access, with technical teams actively monitoring systems. The disruption underscored the persistent vulnerability of public-facing government platforms to volumetric attacks aimed at availability rather than data exfiltration.