A threat actor has claimed to have leaked source code and other sensitive material tied to Sweden’s e-government platform, prompting an investigation by Swedish authorities and an incident response by CGI Sverige.
Cybersecurity accounts on X and local media reported Thursday that a threat actor calling itself ByteToBreach had published material it said came from CGI Sverige, the Swedish subsidiary of global IT giant CGI Group, and Sweden’s e-government infrastructure, according to local news outlet Aftonbladet.
CGI told Aftonbladet its cybersecurity team discovered an incident involving two internal test servers in Sweden that were not used in production. The company said an older application version and its source code were accessible, but that there was no indication that customer production data or operational services were affected. CGI press secretary Agneta Hansson confirmed to the news outlet that authorities are investigating the leak.
About 95% of Sweden’s 10.7 million population used e-government services in 2024, according to Eurostat data.
The leaked files could include the platform’s source code and configuration files, internal staff database, citizens’ personally identifiable information databases, electronic signing documents and other sensitive data.
Cointelegraph contacted CGI Group and Sweden’s national IT incident center, CERT-SE, for comment on the reported leak.
Swedish civil defense minister confirms cybersecurity incident
However, Carl-Oskar Bohlin, Sweden’s minister of civil defense, confirmed the data leak and said the government is working with CERT-SE and the National Cyber Security Center to identify the culprits.
IT security expert Anders Nilsson confirmed that the hacked resources seemed authentic. “Source code for several programs seems to exist, and from what I can see, the hack looks genuine,” Nilsson wrote in an email to media outlet SVT.
Related: SlowMist introduces Web3 security stack for autonomous AI agents
Hackers target Swedish and European infrastructure
Hackers are increasingly targeting public-facing cyber infrastructure throughout Sweden and Europe, warned threat intelligence platform Threat Landscape.
“This is not an isolated incident,” the platform said in a Thursday report.
“ByteToBreach is the same actor responsible for the Viking Line breach posted just one day prior, suggesting an ongoing campaign targeting Swedish and European infrastructure via CGI’s managed services footprint.”
Related: French couple robbed of $1M in Bitcoin by criminals posing as police
The threat actor claimed to have leaked the full source code of the e-government platform, sharing multiple supporting materials.
Threat-intelligence researchers said the exposure could still carry follow-on risk if attackers use the leaked code or documentation to identify weaknesses in public-facing systems, though the full contents of the dump have not been independently verified.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops