Cyber Incident Victim: Göteborgs-Posten
Date:
Mar 2016
Location:
Sweden
Summary
A coordinated cyber attack involving distributed denial of service (DDoS) disruptions targeted Sweden's main newspapers, including Göteborgs-Posten, causing their online editions to be inaccessible for several hours over a weekend. An anonymous threat posted on Twitter prior to the attacks accused the media outlets of spreading false propaganda. Swedish authorities launched investigations, noting that the compromised computers used in the attack were traced to Russia but cautioned that this could be intentional misdirection. The country's interior minister condemned the incident as an assault on free speech, highlighting broader concerns about cybersecurity threats to press institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 19, 2016, a coordinated cyber attack disrupted Sweden's major newspaper websites through distributed denial of service (DDoS) attacks. An anonymous threat posted on Twitter preceded the incident, declaring imminent attacks against Swedish government and media entities accused of spreading "false propaganda." The attacks commenced Saturday evening, targeting online editions of at least seven publications including Göteborgs-Posten, Svenska Dagbladet, Aftonbladet, Expressen, and Dagens Nyheter. The sustained DDoS traffic overloaded servers, rendering websites inaccessible for several hours. Swedish police immediately launched preliminary investigations into the incident, with their cyber crime unit identifying the attacking network's geographical origin in Russia through technical analysis. Authorities cautioned that this location data did not conclusively identify the perpetrators' nationality or base of operations, noting attackers often route traffic through compromised systems to obscure their true location.
The Swedish National Police Cyber Crime Unit's operations specialist Anders Ahlqvist publicly advised against premature attribution, emphasizing historical patterns where attackers deliberately create false geographical trails. Sweden's Interior Minister Anders Ygeman characterized the incident as an assault on press freedom and invited affected media organizations to participate in a national cybersecurity review. While police investigations remained ongoing at the time of reporting, no additional technical specifics regarding attack vectors, bandwidth volumes, or precise downtime durations were disclosed. Security firm CloudFlare's contemporaneous industry analysis, referenced in coverage, noted a broader trend of increasing DDoS attack scale during early 2016, though without direct linkage to this specific event. The incident highlighted operational vulnerabilities in media infrastructure while triggering formal law enforcement responses and policy-level discussions about protecting critical information systems.