Cyber Incident Victim: Bjuvs kommun
Date:
Jan 2024
Location:
Sweden
Summary
An IT attack targeted Bjuvs kommun's IT environment overnight between Friday and Saturday, disrupting operational systems and employee computer logins. The incident caused partial inaccessibility to digital services and temporary email outages, though phone and social media communications remained functional. Shared IT provider EttIT, serving multiple municipalities including unaffected Örkelljunga and Åstorp, responded immediately by manually managing vulnerable systems to prevent broader impact. Personnel from EttIT and the municipality worked intensively to troubleshoot, minimize damage, and restore services, identifying a solution that enabled most systems and computers to resume operations by Monday morning. The attack was reported to police, with ongoing coordination to monitor the situation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The IT attack against Bjuvs kommun occurred between the night of Friday, January 19, and Saturday, January 20, 2024, targeting the municipality's IT environment. The intrusion disrupted operational systems and compromised employee access to work computers, impairing core administrative functions. Bjuvs kommun's shared IT department, EttIT—which also serves Örkelljunga, Klippan, Perstorp, and Åstorp kommuner—immediately initiated manual management of potentially vulnerable segments of the shared infrastructure to prevent cross-municipality spread. While Bjuv's systems were directly compromised, all other municipalities in the EttIT collaboration confirmed their environments remained unaffected. By Sunday, January 21, EttIT and Bjuvs kommun personnel identified a remediation strategy, enabling the restoration of most operational systems and computers by Monday morning, January 22.
Despite this recovery, residual disruptions persisted in Bjuvs kommun’s digital services as of January 22, including intermittent inaccessibility of the [email protected] email platform. Citizens were advised to use telephone or social media for communication during the outage. EttIT maintained continuous coordination with all partner municipalities to monitor the situation, while Bjuvs kommun internally prioritized damage assessment and system stabilization. The municipality formally initiated a police investigation into the attack, though no details regarding the threat actor’s identity, intrusion methods, or data compromise were disclosed in the available reports. No ransomware or financial motives were mentioned, and restoration efforts focused on operational continuity rather than publicly disclosed forensic analysis.