Cyber Incident Victim: Sweden

Date: Feb 2023

Location: Sweden

Summary

Several Swedish websites, including Kivra, MSB, Tele2, Vattenfall, and SOS Alarm, experienced service disruptions due to widespread distributed denial-of-service (DDoS) attacks targeting critical societal infrastructure operators. The Civil Defense Minister publicly acknowledged the extensive attacks against central public-service entities, while the Swedish Civil Contingencies Agency confirmed these as deliberate overload incidents aimed at disrupting online accessibility. The coordinated nature of the attacks impacted multiple essential services simultaneously, though operational details regarding mitigation or attack origins were not disclosed.

Motives: 2 motives

Tactics, Techniques & Procedures: 1 technique

Threat Actors: 0 actors

Description

On the morning of February 19, 2023, multiple Swedish websites and digital services experienced operational disruptions due to coordinated cyberattacks targeting key national infrastructure providers. The affected entities included Kivra (a digital mailbox platform), the Swedish Civil Contingencies Agency (MSB), telecommunications provider Tele2, energy company Vattenfall, and emergency response organization SOS Alarm. The disruptions occurred concurrently during Sunday morning hours, indicating a synchronized offensive against critical online services. Carl-Oskar Bohlin, Sweden’s Minister for Civil Defense, publicly acknowledged the incident via Twitter, characterizing it as "extensive attacks against central societal actors’ websites." MSB later confirmed the technical nature of the incident as distributed denial-of-service (DDoS) attacks, specifically labeling them "överbelastningsattacker" (overload attacks) designed to overwhelm targeted systems with malicious traffic. The timing on a weekend morning suggested potential intent to delay organizational response capabilities. Service accessibility issues at SOS Alarm raised particular concern due to its role in coordinating national emergency communications infrastructure. Vattenfall's temporary outage also indicated broader targeting of energy sector interfaces.

The attacks prompted immediate public engagement from both governmental and private-sector stakeholders. MSB assumed a central coordination role by formally verifying the attack methodology and scope while contextualizing the incident as targeting fundamental societal services. Tele2’s inclusion among affected organizations implied potential infrastructure-level disruptions given its status as a major telecommunications provider. No immediate claims of responsibility emerged from threat actors during the initial disclosure phase. The broad targeting pattern across government agencies, emergency services, energy providers, and digital communications platforms demonstrated operational focus on disrupting foundational societal services rather than financial gain or data exfiltration. Service restoration timelines and technical mitigation measures were not publicly detailed by most organizations, though MSB maintained public situational awareness through official confirmation of the attacks’ nature. The incident marked a visible disruptive event against Sweden’s digital infrastructure during peacetime, with operational impacts on civilian-facing services across multiple sectors.
