A threat actor has claimed to have leaked source code and other sensitive materials linked to Sweden’s e-government platform, prompting an investigation by authorities in Sweden and an incident response from CGI Sverige.
Cybersecurity accounts on X and local media reported Thursday that a hacker using the name ByteToBreach had published data allegedly taken from CGI Sverige and Sweden’s e-government infrastructure, according to the Swedish newspaper Aftonbladet.
CGI told Aftonbladet that its cybersecurity team identified an incident involving two internal test servers in Sweden that were not used in production systems. The company said an older version of an application and its source code were accessible, but there was no evidence that customer production data or operational services were compromised.
A CGI spokesperson, Agneta Hansson, confirmed that authorities are currently investigating the incident.
Government digital services are widely used in Sweden. According to Eurostat, about 95% of Sweden’s 10.7 million residents used e-government services in 2024.
Reports suggest the leaked materials could include source code and configuration files for the platform, along with internal staff databases, citizens’ personally identifiable information records, electronic signing documents, and other sensitive data.
Swedish civil defense minister confirms cybersecurity incident
Carl-Oskar Bohlin confirmed that a data leak had occurred and said the government of Sweden is working with CERT-SE and the National Cyber Security Center to investigate the breach and identify those responsible.
IT security specialist Anders Nilsson also indicated that the leaked material appears credible. In comments to SVT, Nilsson said the exposed data seems authentic.
“Source code for several programs appears to be included, and based on what I’ve reviewed, the breach looks genuine,” he wrote in an email to the outlet.
Hackers increasingly targeting European infrastructure
Cybersecurity analysts say attacks against public digital infrastructure in Sweden and across Europe are becoming more common.
Threat intelligence platform Threat Landscape warned in a Thursday report that such incidents are part of a broader trend.
“This is not an isolated incident,” the platform said, noting that hackers are increasingly targeting public-facing digital systems and government infrastructure across the region.
“ByteToBreach is the same actor responsible for the Viking Line breach posted just one day prior, suggesting an ongoing campaign targeting Swedish and European infrastructure via CGI’s managed services footprint.”
The threat actor claimed to have leaked the full source code of the e-government platform, sharing multiple supporting materials.
Threat-intelligence researchers said the exposure could still carry follow-on risk if attackers use the leaked code or documentation to identify weaknesses in public-facing systems, though the full contents of the dump have not been independently verified.
