Sweden’s state-owned power grid operator Svenska kraftnät suffered a cyberattack targeting an isolated external file transfer system, resulting in a data breach that the Everest ransomware group claims amounts to 280 GB. The breach was detected on a Saturday, prompting an immediate investigation to assess the leaked information and its potential consequences. While the electricity supply and power grid operations remained unaffected, the incident raised concerns due to the scale of data exfiltration. The company notified law enforcement and is collaborating with authorities to secure compromised systems. The Everest group added Svenska kraftnät to its Tor leak site, though the full scope of the stolen data, including whether it involved sensitive operational, employee, or third-party details, is still under analysis. The attack underscores vulnerabilities in critical infrastructure, even when core systems are segregated from breached components.
TPRM report: https://www.rankiteo.com/company/svenska-kraftnat
"id": "sve5602056103125",
"linkid": "svenska-kraftnat",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'energy (power grid operator)',
                        'location': 'Sweden',
                        'name': 'Svenska kraftnät',
                        'type': 'state-owned enterprise'}],
 'attack_vector': 'exploitation of an isolated external file transfer system',
 'customer_advisories': ['public statement confirming breach and reassuring no '
                         'impact on electricity supply'],
 'data_breach': {'data_exfiltration': True},
 'date_detected': '2025-10-26T18:00:00Z',
 'date_publicly_disclosed': '2025-10-28T00:00:00Z',
 'description': 'Hackers breached Sweden’s state-owned power grid operator '
                'Svenska kraftnät via an isolated file transfer system, '
                'stealing 280 GB of data. The power grid operations remained '
                'unaffected. The Everest ransomware group claimed '
                'responsibility for the attack.',
 'impact': {'brand_reputation_impact': 'potential concern (under '
                                       'investigation)',
            'data_compromised': '280 GB',
            'operational_impact': 'none (power grid operations unaffected)',
            'systems_affected': ['isolated external file transfer system']},
 'initial_access_broker': {'entry_point': 'isolated external file transfer '
                                          'system'},
 'investigation_status': 'ongoing (scope of breach and leaked data under '
                         'evaluation)',
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Everest'},
 'references': [{'date_accessed': '2025-10-28',
                 'source': 'SecurityAffairs',
                 'url': 'https://securityaffairs.com/154220/cyber-crime/everest-ransomware-svenska-kraftnat-hack.html'}],
 'regulatory_compliance': {'regulatory_notifications': ['police report filed']},
 'response': {'communication_strategy': ['public disclosure',
                                         'ongoing updates as investigation '
                                         'progresses'],
              'containment_measures': ['securing affected systems'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': ['law enforcement',
                                         'local authorities']},
 'threat_actor': 'Everest ransomware group',
 'title': 'Cyberattack on Sweden’s Power Grid Operator Svenska kraftnät by '
          'Everest Ransomware Group',
 'type': ['data breach', 'ransomware attack']}