There have been rumors in the security community for several weeks now about outages in the Swedish Air Traffic Control System that may have been caused by malicious activity. Now reporting indicates these rumors may in fact be true.
There have not been any official government reports on this, and there is no publicly available forensic information we can analyze, but press reports indicate that outages between 4 and 9 November that were initially attributed to solar flares were actually due to Russian-sponsored attacks.
International Business Times reports that:
Swedish authorities traced the source of the attack to an Advanced Persistent Threat (APT) group that has previously been linked to the Russian military intelligence agency, Spetsnaz GRU. Although Sweden is not part of Nato, it was so concerned that it sent urgent messages warning neighbouring countries that are Nato allies about the ongoing cyberattacks.
We believe this reporting is valid for two reasons:
- No one in the Swedish government is denying the reports or burning the source in any way.
- The reporters covering this story and the outlets they represent are generally known to do good work and have reported reasonably accurately in the past.
Our assessment: Now that this attack vector has been proven to be successful and now that it has occurred with no consequences to the attacker, we can expect more attacks like this in the future.