Published on
Sweden thwarted a pro-Russian cyberattack on a thermal power plant in mid-2025, the government said on Wednesday, saying the group behind it was linked to Russian intelligence.
There were no serious consequences, Civil Defence Minister Carl-Oskar Bohlin said.
“The Swedish Security Service handled the case and was able to identify the actor behind it, which has ties to Russian intelligence and security services,” Bohlin told reporters.
Bohlin told the AFP news agency that the attack failed “because the security systems in place worked.”
Without going into detail, he said the aim of the operation was to disrupt the functioning of a facility that supplies heating.
The minister added that the attack “illustrates that we are dealing with an antagonist who does not hesitate to create physical disruptions that can be likened to sabotage of our physical infrastructure.”
The plant was located in western Sweden, he said.
Bohlin said cyber threats against Swedish interests had increased since Russia’s full-scale invasion of Ukraine in February 2022, as Moscow targeted countries supporting Ukraine.
“This points to a changed, more risk-prone and more reckless behaviour from Russia, which could lead to potentially very harmful effects on society,” he said, adding that the Swedish government was taking the development “very seriously.”
“Our support for Ukraine remains steadfast,” he stressed.
More sophisticated
Bohlin also said that attackers were no longer just relying on direct denial of service (DDoS) attacks, which overload systems by sending massive amounts of traffic, against IT systems, but were now also targeting so called operational technology (OT) that control the infrastructure.
“That is, control systems which often control physical functions in various operations and attempt to destroy, compromise, or disrupt them,” Bohlin told AFP.
Pontus Johnson, a professor at the KTH Royal Institute of Technology, explained that while DDoS attacks were relatively simple attacks, attacking OT systems required a higher level of sophistication.
“You don’t just send traffic their way, but you are trying to find vulnerabilities to enter the systems to then be able to affect them,” Johnson said.
“It requires a much more competent attacker,” he said, and added that the rise of the use of AI had also made these types of attacks easier for hackers.
Johnson also said the targeting of OT systems was also more serious because unlike the targeting of for instance a website, these systems actually control things in the “physical world.”
This opens the door to potential disruptions of things like the power grid or railways, he explained.
Bohlin said it was important for Sweden to publicise the threats it was facing to send a signal “to threat-actors and let them know that we see what you are doing.”
“We are also doing it to continually raise awareness in society, in order to develop our cybersecurity and collective resilience, and so that we can act in solidarity with our allies and partners.”
Additional sources • AFP