From CUBA to Sudan – Threat to Sweden’s Security

In recent months, Sweden has experienced a wave of cyberattacks that have left the country’s security experts on high alert. The perpetrators of these attacks come from disparate parts of the world – from the Cuban organisation (CUBA), a group of Russian e-criminals that appear to target Swedish national institutes just for the fun of it, to the politically motivated hacktivists Anonymous Sudan. The situation has left many wondering if there is a coordinated effort to undermine Sweden’s security and, if so, who is behind it.

Adding to the confusion is the involvement of a group known as Killnet, which has been linked to some attacks. Meanwhile, questions are being raised about the motives behind the attacks. Were they in response to Sweden’s application for NATO alliance, or were they related to the burning of a Quran by a far-right extremist in Sweden?

Several Swedish organisations have been targeted in these attacks, including those with servers hosted in IBM Cloud. Furthermore, an attack on Denmark was reportedly stopped in its initial phase, but the details surrounding this event are unclear.

As Sweden tries to grapple with this new threat, it is essential to understand the motivations and techniques of these cyber attackers. This blog post will explore the recent attacks and attempt to illuminate the ongoing situation. We will also look at the impact of these attacks on Sweden’s security posture and what can be done to prevent further incidents.

The Growing Threat of Cyberattacks in Sweden: An Overview

As cyberattacks become more sophisticated and frequent, Sweden is increasingly becoming a target. The recent attacks by the CUBA organisation, allegedly Russian e-criminals targeting Swedish national institutes, have raised concerns about the level of cyber threat the country faces. Additionally, the Anonymous Sudan group, which claims to be politically motivated hackers from Sudan, has been conducting distributed denial-of-service (DDoS) attacks against multiple organisations in Sweden. The situation is made more unclear by the claim that the Anonymous group has cancelled the activities of the Anonymous Sudan group, leading to questions about who is behind the attacks.

Further investigation has revealed that Killnet is believed to be behind some of the recent attacks in Sweden. The attack on Denmark was stopped in its initial phase, but the servers hosted in IBM Cloud, believed to belong to Killnet, continue to threaten Sweden’s security. With such a range of actors and motivations, it is becoming increasingly difficult to determine who is behind these attacks and what their ultimate goal is.

Given the growing threat of cyberattacks in Sweden, organisations must remain vigilant and take steps to protect themselves. This includes implementing strong cybersecurity measures and continuously monitoring for potential threats. It also means working with law enforcement and other organisations to share information and coordinate attack responses. As the threat landscape continues to evolve, organisations in Sweden must take proactive steps to protect themselves and their sensitive data.

Anonymous Sudan Attacks

Scandinavian Airlines (SAS) recently experienced a security breach where its website was taken down by a group calling themselves Anonymous Sudan. During the attack, customers who attempted to log into the airline’s app were redirected and shown information from other passengers’ accounts. The incident happened shortly after a far-right politician burned a Quran near the Turkish embassy in Stockholm during a protest in January, an event funded by a former contributor to the Russian state-funded outlet RT. In response to the book burning, Anonymous Sudan claimed to have carried out several denial-of-service attacks against various organisations in Sweden.

These alleged attacks have targeted Swedish airports, banks, railways, airlines, media, telecommunication providers, and organisations in the country’s health and education sectors. While these attempts did not cause significant downtime, Anonymous Sudan also claimed responsibility for knocking Sweden’s national broadcaster SVT offline around the same time as the attack on SAS.

Some experts, including Marcus Murray, founder of the Swedish cybersecurity firm Truesec, have cautioned that Anonymous Sudan could be a front for Russian operators. They suggest that the Quran burning may have presented an opportunity for Moscow to instigate tension between Sweden and Turkey in an attempt to derail Sweden’s bid to join NATO. Telegram chats revealed that at least one pro-Russian hacker group, UserSec, had pledged support for Anonymous Sudan.

Who are “Killnet”?

A rag-tag group of Russian hacktivists are using cyberattacks and defamation campaigns to target European governments, infrastructure, and even the prestigious Eurovision song contest to discourage support for Ukraine in the conflict.


Last summer, the pro-Kremlin hacking group known as Killnet unleashed a flurry of attacks against vital Western government networks and infrastructure, noisily proclaiming triumphs on social media and in Russian media while generating problems for Russia’s rivals’ security agencies.

Killnet differs significantly from the highly experienced hackers employed by Russia’s intelligence agencies, such as Fancy Bear and Sandworm, who achieved notoriety for their hacking of the American Democratic National Committee and the release of the deadly ransomware known as NotPetya, respectively. Killnet, by contrast, is more akin to a furious, nationalist online mob outfitted with subpar cyber-offensive means and strategies. It is nonetheless incredibly effective at creating a narrative about the war.

DDoS Attacks

The gang gained notoriety for conducting distributed denial-of-service (DDoS) assaults and “defacing” websites by posting statements in favour of Russia on websites they hacked. It first surfaced as a hacker-for-hire provider in January, but the group rapidly became very vocal in its support of Russia’s invasion when tanks from that country entered Ukraine at the end of February.

It targeted more than ten Western nations in the previous year, most recently Estonia. In May, the group launched one of its better-known attacks, aimed at the Eurovision song contest: in response to Russia’s exclusion from the competition, the cyber collective attempted a DDoS attack. Italy’s authorities stopped the attack only after the Senate and National Health Institute websites were attacked in retaliation.

Following Vilnius’ blockage of cargo to the Russian region of Kaliningrad in June of last year, Killnet’s targeting of Lithuania boosted its profile in the Russian media. Margiris Abukevičius, the nation’s Vice Minister of National Defense, claimed that the operation ultimately had “minimal success” because few websites were taken down, but the publicity it received was enormous. In a video message that was widely shared online, the organisation threatened to continue attacks unless Lithuania permitted the transportation of commodities to Kaliningrad.

The Importance of Public Awareness and Education in Strengthening Sweden’s Cybersecurity

As cyber threats continue to grow in Sweden, public awareness and education have become increasingly crucial in strengthening the country’s cybersecurity. Recent incidents, such as the hacking of Scandinavian Airlines (SAS) by Anonymous Sudan, have highlighted the need for individuals and organisations to understand better the risks they face and take steps to protect themselves.

This includes using strong passwords, keeping software and systems up-to-date, and being cautious of suspicious emails or websites. Additionally, organisations can benefit from providing cybersecurity training to their employees and implementing security protocols and procedures to safeguard their systems and data.

Furthermore, raising public awareness about cyber threats can also help promote a cybersecurity culture and encourage individuals to take steps to protect themselves. This can involve educating individuals about cyber threats, the importance of regular software updates, and the risks associated with using unsecured networks or sharing personal information online.

As cyber threats evolve and become more sophisticated, Sweden must prioritise public awareness and education to strengthen its cybersecurity defences and protect against potential attacks.

Looking Ahead: What Does the Future Hold for Sweden’s Cybersecurity?

As Sweden looks ahead, it must improve its cybersecurity infrastructure and stay ahead of emerging threats. This may include investing in new technologies like AI and machine learning to enhance threat detection and response capabilities. It will also require collaboration between government agencies, businesses, and cybersecurity experts to share information and best practices.

Public awareness and education will also be critical in strengthening Sweden’s cybersecurity. By educating individuals on safe online practices and raising awareness of cyber threats, the country can better prepare its citizens to protect themselves and their data. This can include everything from promoting strong password hygiene to training employees to recognise and respond to phishing attempts.

As the cyber landscape evolves, Sweden must stay vigilant and proactive in protecting its critical infrastructure and sensitive information. Sweden can build a more resilient and secure digital future by taking a multi-faceted approach to cybersecurity.

Russian Hacking Group Claims Responsibility for Cyberattacks on Danish Websites

In January, a Russian hacking group claimed responsibility for a series of cyberattacks on the websites of the Danish central bank, seven private lenders, and the Danish Finance Ministry. The group, NoName057, stated that the attacks were a response to Denmark’s support for Ukraine in its ongoing conflict with Russia. The attacks targeted Danske Bank, Jyske Bank, Sydbank, Sparekassen Sjælland-Fyn, Bankinvest, Arbejdernes Landsbank, and Handelsbanken.

The attacks occurred over three days and resulted in either complete or partial inaccessibility to the banks’ websites. The group also claimed responsibility for an attack on Denmark’s National Bank. However, it was not publicised through its official channels as it did not significantly disrupt the global operations of the website.

Danish cyber security experts suspected the involvement of the Killnet hacking group in the attacks, as Killnet is a loosely affiliated group of volunteer hackers that has launched attacks against various organisations in Ukraine and countries that have sided with Ukraine since February.

The attacks on Denmark’s critical infrastructure demonstrate the vulnerability of countries to cyberattacks and the need for strong cybersecurity measures. They also highlight the importance of identifying and tracking hacking groups and of international cooperation in preventing and responding to such attacks.

Nick Roddick

Head of Production
