Ahead of Almedalen Week, Säpo will present a new assessment of the threats against Sweden.
There are no major changes compared with earlier, but Säpo notes that as a result of the serious security situation, it has handled a number of different security threats over the past six months.
"It concerns both cases that stem from the actions of state actors, but also those that relate to terrorist activities," says Security Police Chief Charlotte von Essen.
Among other things, cases linked to espionage, right-wing extremism and violent Islamist extremism have led to several indictments and arrests.
Looking for young agents
The terrorist threat remains at level three. The Säpo chief also emphasizes that the terrorist threat and the security threat are increasingly intertwined.
"We see state actors use proxies to carry out attacks, and such an attack can in some cases constitute a terrorist attack."
Säpo notes that Iran continues to seek agents, not least among younger people in criminal networks, to carry out acts of violence in Sweden.
"We continue to see that. Threats against American, Jewish and Israeli interests have increased, as well as against individuals who are influential in the Iranian diaspora," says von Essen.
Previous attacks on Israeli embassies and the Israeli company Elbit Systems in Gothenburg have been linked to Iran. A boy was also recently convicted of the attempted murder of a well-known Iran expert in Sweden.
But there are more current cases, according to Säpo. Charlotte von Essen, however, does not want to mention any specific cases.
"We work to identify this type of activity as early as possible and intervene to stop it. What we do is often hidden and we don't go into further detail."
Russia continues to be identified as the greatest threat to Sweden. Säpo notes that Russia has also begun using proxies to carry out attacks.
"There are many clear examples from other parts of Europe where digital means have been used to target young people to act as proxies to carry out various types of sabotage."
Destructive cyberattacks
In Sweden, Säpo has seen examples of attempted destructive cyberattacks that may be linked to Russia. The cyberattack was directed at a heating plant in western Sweden in the spring of 2025, and the fact that it was "destructive" is cited as a sign of changed, more risk-prone Russian behavior.
Säpo also notes that Russia has identified activities worthy of protection, but does not want to say what these are.
"The mapping can be used at a later time; it could be part of war preparation measures," says the Säpo chief.
Swedish security is characterized by a serious security situation.
In the past six months, several security-threatening incidents from foreign powers and violent extremists have been handled.
These include suspected attempted espionage, suspected sanctions violations, unauthorized possession of classified information, preparation for terrorist crimes and participation in a terrorist organization.
The terror threat level remains at an elevated level, three on a five-point scale. This means that a terrorist attack may occur.
Säpo has so far seen no concrete threat specifically aimed at the elections this fall.
Source: Säpo
