A threat actor has claimed to have leaked source code and other sensitive materials tied to Sweden’s e-government platform, sparking an urgent investigation by Swedish authorities and an incident response by CGI Sverige.
Initial Discovery and Response
Cybersecurity experts and local media reported on Thursday that a threat actor identifying as ByteToBreach had published material allegedly sourced from CGI Sverige, the Swedish subsidiary of global IT giant CGI Group, and Sweden’s e-government infrastructure. CGI confirmed to Aftonbladet that its cybersecurity team discovered an incident involving two internal test servers in Sweden that were not used in production. The company stated that an older application version and its source code were accessible, but there is no indication that customer production data or operational services were compromised.
Scope of the Leak
The leaked files could include the platform’s source code, configuration files, internal staff databases, citizens’ personally identifiable information (PII) databases, electronic signing documents, and other sensitive data. IT security expert Anders Nilsson confirmed the authenticity of the leaked resources, stating, “Source code for several programs seems to exist, and from what I can see, the hack looks genuine.”
Government Response and Investigation
Carl-Oskar Bohlin, Sweden’s minister of civil defense, confirmed the data leak and stated that the government is collaborating with CERT-SE and the National Cyber Security Center to identify the culprits. About 95% of Sweden’s 10.7 million population used e-government services in 2024, according to Eurostat data, making the security of these platforms a critical concern.
Broader Implications and Trends
The incident is not isolated; threat intelligence platform Threat Landscape warned that hackers are increasingly targeting public-facing cyber infrastructure throughout Sweden and Europe. ByteToBreach is the same actor responsible for the Viking Line breach posted just one day prior, suggesting an ongoing campaign targeting Swedish and European infrastructure via CGI’s managed services footprint.
Expert Analysis and Forward-Looking Insight
The exposure of the e-government platform’s source code and other sensitive materials could carry significant follow-on risks if attackers use the leaked information to identify weaknesses in public-facing systems. While the full contents of the leak have not been independently verified, the incident highlights the growing threat of cyber attacks on critical national infrastructure. As governments and private sector organizations increasingly rely on digital platforms, the need for robust cybersecurity measures and rapid incident response capabilities has never been more critical.
About the Author
