The information that a hacker group has obtained from Svenska kraftnät is not supposed to have affected the power supply, according to a press release from the authority.
However, it is not clear what information the attackers have been able to access, only that it concerns "a limited, external file transfer solution".
It could be a service used to transfer files that are too large to email, then it is probably less dangerous. It can also be a solution used to communicate securely with external parties, then it is worse, says Karl-Emil Nikka, IT security expert from Stöldskyddsföreningen.
"Fundamentally sensitive activity"
At Svenska kraftnät, there is sensitive information related to the operation of the Swedish power grid.
It is fundamentally a sensitive activity. In the worst case, unauthorized individuals could gain access and take control of the controls and shut down parts of it, says Pontus Johnson, professor at the Center for Cyber Defense and Information Security at KTH in Stockholm.
It is mainly states that are interested in such attacks, according to him. Russia, for example, has done similar things to Ukraine. But when it comes to cybercriminals, it is rarely geopolitical motives behind, but economic. They simply want money.
It is likely that the attackers have not obtained security-classified information about the power grid's structure or information about weak points in the system, says Pontus Johnson.
"Everyone has weaknesses"
It may be information from economic or personnel systems. It is not something you want to leak, but it does not affect power supply.
When asked how hackers can gain access to Svenska kraftnät's systems, the answer is that it is simply not possible to make completely secure systems.
– Everyone has weaknesses and even if they are difficult to find, it is possible, he says.
