The attack was mainly directed at firms providing IT services to other businesses, organizations and government agencies. According to the civil contingencies agency (MSB) it has been going on since at least 2016, but was likely initiated as early as 2014.
The government has been informed of the attack, carried out by a group dubbed APT10.
“Information security is a high priority for the government and has been ever since the government took office. We have now received further signals about how important information security is. All companies and government agencies that handle protected information must therefore work systematically with their information security,” Sweden's interior minister Anders Ygeman commented in a statement.
It is not known how many Swedish authorities and organizations are affected, but Swedish IP addresses have been used to coordinate attacks and collect stolen data, confirms MSB.
Targets in the United States, Taiwan and Japan are also among those affected in the attack, known as 'Cloud Hopper'. Sweden, Norway, Finland, the United Kingdom, France and Switzerland are some of the European countries where firms have been targeted. International media report that the attack originated in China.
Sweden's security police Säpo listed cyber security as one of the key points in its annual report earlier this year, with increased digitalization making Swedish agencies more vulnerable.
Failings have previously been observed at several institutions, with often inadequate internal security analysis noted. Säpo described the situation last month as the “growing gap between threat and protection” – the threat against these organizations is increasing because of the digital age, but their security levels aren't keeping up.