Sweden’s power grid operator confirms data breach claimed by ransomware gang

Summary

State-owned transmission operator Svenska kraftnät has confirmed a data breach after a ransomware group publicly claimed to have stolen roughly 280 gigabytes of internal data. The agency says the incident involved a “limited external file transfer solution” and that electricity supply and mission-critical systems were not affected. Svenska kraftnät is working with police and national cybersecurity authorities to assess the scope and potential exposure, and has not yet attributed the intrusion to a specific actor.

Key Points

  1. Svenska kraftnät acknowledges a data breach affecting an external file-transfer solution; power supply remains uninterrupted.
  2. Ransomware gang Everest claimed responsibility and said it exfiltrated about 280 GB of data and threatened to publish it.
  3. The operator says mission-critical systems were not impacted and has opened an investigation with police and national cyber authorities.
  4. Everest has previously claimed high-profile attacks (Dublin Airport, Air Arabia, Collins Aerospace), but those claims are not independently verified.
  5. Svenska kraftnät is not yet naming perpetrators or motives while it gathers confirmed information.

Content Summary

Svenska kraftnät discovered unauthorised access tied to a limited external file-transfer tool and has publicly confirmed the breach. The organisation’s CISO, Cem Göcgören, emphasised that the electricity supply was not affected and that immediate measures were taken. The ransomware group Everest posted on its leak site claiming to have taken about 280 GB and demanding compliance to avoid publication. Svenska kraftnät continues coordination with law enforcement and national cyber agencies to determine the extent of exposed data and any operational risk.

Context and Relevance

This incident touches on the persistent risk to critical infrastructure from ransomware: even when operational technology remains intact, data exfiltration can expose sensitive planning, network configurations, contracts or personal data that harm resilience and trust. The attacker’s public claims and prior assertions against airports and aerospace suppliers underline a trend where criminal groups pursue both disruption and extortion via leaks. For security teams, regulators and utilities, the case reinforces the need to secure external file-transfer mechanisms, maintain robust incident response ties with national authorities, and prepare for reputational and regulatory fallout from data loss.

Author style

Punchy: this is precisely the sort of story security teams and infrastructure planners should not ignore. If you’re responsible for operational resilience, the detail matters — stolen data can be weaponised even without service outages.

Why should I read this?

Look, if you care about who keeps the lights on (and who can leak the spreadsheets that make that happen), this is worth two minutes. It shows how a non-disruptive data breach can still be serious — and why everyone should be checking external file-transfer tools and talking to their national CERTs.

Source

Source: https://therecord.media/sweden-power-grid-operator-data