Sweden’s national electricity grid operator, Svenska kraftnät, has confirmed that it suffered a cyberattack involving ransomware and a data breach. The agency, which manages the country’s high-voltage power network, revealed that hackers broke into its internal systems and stole about 280 gigabytes of internal data.
In a brief statement on its website, Svenska kraftnät said it is investigating “to find out what information has leaked and how it might affect us.” The organization emphasized that the electricity supply and grid operations remain unaffected, and all mission-critical systems are functioning normally.
Cem Göcgören, Head of Information Security at Svenska kraftnät, explained that the team has found no signs the power system itself was impacted. He added that the investigation will continue until the agency fully understands what information was accessed and whether any sensitive details were exposed.
The breach has raised concerns because Svenska kraftnät is responsible for operating and maintaining Sweden’s entire national transmission system — a vital infrastructure that supports homes, industries, and public services across the country.
NSE hit by 40 crore cyberattacks during ‘Operation Sindoor’ simulation, systems stay secure
Ransomware Group Everest Claims Responsibility
A ransomware group calling itself Everest has claimed responsibility for the attack on Svenska kraftnät. The group announced its involvement on the dark web, saying it had stolen around 280 GB of files. Although the hackers did not share details about the stolen data, they claimed to have confidential internal information and are now demanding money to prevent its release.
Cybersecurity experts describe Everest as a Russian-speaking ransomware organization, but not one linked to any state or government. The group has been active for several years and has carried out attacks on various companies and institutions worldwide. However, it is not considered a highly sophisticated or dangerous collective.
In fact, Everest became somewhat infamous after a 2024 incident involving a small data breach at Mailchimp, which many cybersecurity professionals mocked for being insignificant. That episode damaged the group’s reputation, leading some experts to label it as an unskilled or opportunistic outfit rather than a major cyber threat.
Despite this, Everest’s latest claim has drawn attention because targeting a national grid operator — even without affecting its operations — highlights how ransomware groups continue to pressure governments and critical infrastructure providers to pay ransoms. Authorities are analyzing how the attackers gained access to Svenska kraftnät’s systems and which parts of the network were compromised.
Investigation Ongoing but Power System Safe
Svenska kraftnät confirmed that its cybersecurity specialists and engineers are working around the clock to determine the full extent of the attack. The investigation is focusing on identifying what data was taken and whether any of it could affect the agency’s operations, employees, or partners.
Spain–Portugal metro disruption shows challenges in managing cyber and operational safety
Cem Göcgören stated that, at this stage, no operational systems controlling the flow of electricity were affected. These critical systems are kept separate from administrative networks, which appear to have been the target of the breach.
The agency has not disclosed the ransom amount or whether it plans to pay the attackers. In line with international practice, paying ransom demands is generally discouraged, as it fuels more attacks and offers no guarantee that the stolen data will be deleted.
Experts believe that, even though the hackers did not disrupt electricity supply, such breaches can still have serious consequences. Internal documents, communications, or employee data might have been exposed, which could create secondary risks or privacy concerns.
Svenska kraftnät said it continues to cooperate with Swedish authorities and cybersecurity professionals to strengthen its systems and trace how the attack occurred. The agency reassured the public that electricity delivery remains stable, and there are no threats to Sweden’s national power grid operations at this time.
The situation remains under careful observation as investigators work to assess the data breach and protect the integrity of Sweden’s critical energy infrastructure.
