
    Svenska kraftnät investigates data breach linked to Everest ransomware group

    Swedish power grid operator Svenska kraftnät identified a data breach on Saturday involving a limited, external file transfer solution. For now, there are no signs that the transmission of electricity or the functioning of the electricity system has been affected. An intensive investigation is underway to evaluate the scope of the breach and its potential consequences, and the incident has been reported to the police.

    “We take this breach very seriously and have taken immediate action. We understand that this may cause concern, but the electricity supply has not been affected by this breach,” Cem Göcgoren, head of information security at Svenska kraftnät, said in a Monday statement. “As this is a security matter and a police investigation, we cannot provide any specific details about what information has been exposed, but our current assessment is that mission-critical systems have not been affected.”

    Meanwhile, the Everest ransomware group claimed responsibility on Saturday for the Svenska kraftnät breach in a message posted on X, formerly Twitter.

    Svenska kraftnät added that the investigation is ongoing. 

    “At this time, we are not commenting on perpetrators or motives until we have confirmed information,” the operator said. “We are currently unable to provide any specific details about what information has been exposed, but we see no indication at this time that mission-critical systems have been affected.”

    The Everest group is also allegedly behind the Dublin Airport (DUB) breach and the exfiltration of 1,533,900 passenger and operations records. The leaked fields reportedly include passenger and flight details such as ID, operating-carrier PNR, origin/destination airport codes, operating carrier, flight number, flight date, compartment code, seat number, etc.

    Svenska kraftnät added, “We have worked intensively to secure the system, and are now analyzing in more detail what data was leaked. We will update continuously as the facts become clearer.”

    In June, Forescout Technologies reported a surge in cyberattacks against manufacturing operations and OT (operational technology) systems, driven by hacktivists and state-sponsored groups. Several other threat actors also showed activity in the manufacturing sector, though at lower levels. These included Fog, Medusa, Qilin, BlackSuit, 8Base, Black Basta, INC Ransom, BianLian, Metaencryptor, Everest, Ghost (Cring), Dragonforce, Frag, and Lynx.

     
