Date: 2025-10-28

Svenska kraftnät, Sweden’s primary electricity grid operator, has confirmed that it suffered a data breach after the Russia-linked Everest ransomware gang claimed to have syphoned hundreds of gigabytes of the company’s data.

Svenska kraftnät learned about the hacker attack on Saturday, after a security expert notified the company that Everest had posted the company’s data on the gang’s dark web leak site. Cybercartels use these types of underground websites to showcase their latest victims.

“It would have been nicer if we had discovered the breach ourselves,” Cem Göcgoren, Svenska kraftnät’s Head of Information Security, told Västerbottens-Kuriren, a Swedish media outlet.

Attackers' post on the dark web. Image by Cybernews.

Meanwhile, Everest claims to have stolen 280GB of the power grid operator’s data. The attackers did not share any information about what type of data they might have obtained.

At the same time, Svenska kraftnät released a statement to dispel any misunderstandings surrounding the data breach. According to Göcgoren, the company takes the data breach “very seriously” and has taken immediate action to mitigate the issue.

“We understand that this may cause concern, but the electricity supply has not been affected by this breach,” Göcgoren said.

The company says that as of now it cannot reveal specific details about what type of information was exposed, as there’s an active police investigation into the matter. According to a statement by Göcgoren, no critical systems were impacted by the attack.

“As soon as we have more information to share, we will communicate this. We are currently unable to provide any specific details about what information has been exposed, but we see no indication at this time that mission-critical systems have been affected,” the company explained.

Svenska kraftnät claims that attackers affected an external file transfer solution, and the company is investigating what information was handled by the service.

Who is the Everest Group?

The Everest ransomware gang has been on a rampage recently, targeting Dublin Airport earlier this week. The attackers claim they will publish the data of over 1.5 million passengers if their ransom demands are not met.

The gang, believed to be Russia-linked, was first spotted in 2021. It made headlines after the October 2022 attack on the American telecommunications behemoth AT&T. At the time, Everest said it had access to AT&T’s entire corporate network.

More recently, Everest claimed responsibility for an attack on Allegis Group, a multi-billion-dollar talent management group.

The gang has also targeted Coca-Cola’s Middle East division, eventually leaking the data of nearly 1000 employees. It also claimed a data breach of Crumbl, the North American gourmet cookie shop chain.

According to Cybernews’ dark web monitoring tool, Ransomlooker, Everest has victimized over a hundred organizations over the past 12 months, making it one of the most notorious cybercrime cartels currently operating.