Sweden probes reported leak of e-government platform source code

Sweden is investigating a reported leak tied to CGI Sverige after hackers claimed they exposed source code from the country’s e-government platform.

A threat actor has claimed to have leaked source code and other sensitive material it said came from CGI Sverige, the Swedish subsidiary of global IT consulting and outsourcing firm CGI Group.

Cybersecurity accounts on X and local media reported Thursday that a threat actor calling itself ByteToBreach had published the material online, according to Swedish news outlet Aftonbladet.

CGI told Aftonbladet its cybersecurity team discovered an incident involving two internal test servers in Sweden that were not used in production. The company said an older application version and its source code were accessible, but that there was no indication that customer production data or operational services were affected. CGI press secretary Agneta Hansson confirmed to the news outlet that authorities are investigating the leak.

About 95% of Sweden’s population of 10.7 million used e-government services in 2024, according to Eurostat data. 

The leaked files could include the platform’s source code and configuration files, internal staff database, citizens’ personally identifiable information databases, electronic signing documents and other sensitive data.

Cointelegraph contacted CGI Group and Sweden’s national IT incident center, CERT-SE, for comment on the reported leak.

However, Carl-Oskar Bohlin, Sweden’s minister of civil defense, confirmed the data leak and said the government is working with CERT-SE and the National Cyber Security Center to identify the culprits.

IT security expert Anders Nilsson confirmed that the hacked resources seemed authentic. “Source code for several programs seems to exist, and from what I can see, the hack looks genuine,” Nilsson wrote in an email to media outlet SVT.

Related: SlowMist introduces Web3 security stack for autonomous AI agents

Hackers are increasingly targeting public-facing cyber infrastructure throughout Sweden and Europe, warned threat intelligence platform Threat Landscape.

“This is not an isolated incident,” the platform said in a Thursday report.

Related: French couple robbed of $1M in Bitcoin by criminals posing as police

The threat actor claimed to have leaked the full source code of the e-government platform, sharing multiple supporting materials.

Threat-intelligence researchers said the exposure could still carry follow-on risk if attackers use the leaked code or documentation to identify weaknesses in public-facing systems, though the full contents of the dump have not been independently verified.

Magazine: Meet the onchain crypto detectives fighting crime better than the cops

Source: CoinTelegraph