Sweden’s power grid operator Svenska kraftnät confirms cyberattack linked to Everest ransomware gang

Svenska kraftnät, Sweden’s national electricity grid operator, has confirmed it was the target of a cyberattack after the Russia-linked Everest ransomware group claimed responsibility for stealing hundreds of gigabytes of company data.

The breach was discovered on Saturday when a cybersecurity expert alerted Svenska kraftnät that Everest had listed the organization as a victim on its dark web leak site. Such sites are typically used by cybercrime groups to publicize stolen information and pressure victims into paying ransom demands.

Cem Göcgoren, head of information security at Svenska kraftnät, said the company immediately launched an investigation and reported the incident to police. “We take this breach very seriously and have taken immediate action,” Göcgoren said in a statement on Monday. “We understand that this may cause concern, but the electricity supply has not been affected by this breach.”

Göcgoren added that while the investigation remains ongoing, there are currently no indications that mission-critical or operational systems were impacted. The breach reportedly involved an external file transfer solution used by the operator. Svenska kraftnät said it is still assessing what information may have been exposed and will provide updates once more facts are established.

In a post on X, formerly Twitter, the Everest ransomware gang claimed responsibility for the attack, alleging it had exfiltrated 280 gigabytes of Svenska kraftnät’s data. The group did not specify what types of information were stolen. Svenska kraftnät said it would not comment on potential perpetrators or motives until more details are confirmed.

Everest has become one of the most active ransomware groups in recent months. Earlier this week, the gang claimed to have breached Dublin Airport, threatening to leak data belonging to more than 1.5 million passengers unless its demands are met. The cybercriminal organization, first detected in 2021, has also claimed responsibility for high-profile incidents involving AT&T, Coca-Cola’s Middle East division, Allegis Group, and gourmet cookie chain Crumbl.