A threat actor has leaked source code and sensitive material from Sweden’s e-government platform, managed by IT firm CGI Sverige. Swedish authorities have launched an investigation into the breach, which reportedly includes internal databases and citizen data. Cybersecurity experts warn this is part of an ongoing campaign targeting Swedish and European infrastructure.
A threat actor calling itself ByteToBreach has claimed to leak source code and sensitive material tied to Sweden’s e-government platform. The incident has prompted an investigation by Swedish authorities and an incident response from CGI Sverige, the local subsidiary of global IT giant CGI Group.
CGI stated its cybersecurity team discovered an incident involving two internal test servers in Sweden that were not used in production. The company confirmed an older application version and its source code were accessible but indicated no customer production data or operational services were affected, according to local news. About 95% of Sweden’s population used these e-government services in 2024, based on Eurostat data.
Sweden’s Minister of Civil Defense, Carl-Oskar Bohlin, confirmed the data leak. The government is working with CERT-SE and the National Cyber Security Center to identify the culprits.
IT security expert Anders Nilsson assessed the hacked resources seemed authentic. “Source code for several programs seems to exist, and from what I can see, the hack looks genuine,” Nilsson wrote in an email. Threat intelligence platform Threat Landscape warned this is not an isolated incident.
The platform stated in a report that hackers are increasingly targeting public-facing cyber infrastructure throughout Sweden and Europe. “ByteToBreach is the same actor responsible for the Viking Line breach posted just one day prior, suggesting an ongoing campaign targeting Swedish and European infrastructure via CGI’s managed services footprint,” the report said.
