Foreign power influence campaign carried out through breach of data security
Published 25 September 2024
The Swedish Security Service has conducted a criminal investigation into gross breach of data security by a foreign power. The purpose of this breach is assessed to be an influence campaign carried out on assignment by the Iranian regime.
The breach occurred in the summer of 2023 against a company that has a bulk text messaging service. By gaining access to this service, an Iranian cyber group sent out a huge number of text messages urging acts of revenge against Quran burners.
– The Swedish Security Service has established that a cyber group acted on assignment by the Iranian Revolutionary Guards to carry out an influence campaign. One of the purposes of this was to create a picture of Sweden as an anti-Islam country and to create divisions in Sweden, says Fredrik Hallström, Head of Operations at the Swedish Security Service.
Certain foreign powers have a high capability to carry out cyber attacks, often with a long-term goal in mind. They use a variety of methods in such attacks, often doing so in a way that enables them to hide the fact that a country lies behind the attacks. Our Service has for some time now noted that Iran uses criminal networks to carry out acts of violence against other countries.
– We take the security-threatening activities being carried out against Sweden very seriously. A combination of legal and illegal methods could be used in such activities, the aim of which could be to create stability for one’s own regime, to discredit other countries, to steal information, or to influence policy making. Vulnerabilities and opportunities that arise could be systematically exploited for the purpose of carrying out security-threatening activities, says Fredrik Hallström.
The Swedish Security Service knows that certain foreign powers such as Iran act upon opportunities that arise in order to create divisions and to strengthen their own regime. By exploiting vulnerabilities, cyber threat actors are able to obtain access to systems that are subsequently exploited at an opportune time.
– Certain foreign powers exploit vulnerabilities for the purpose of promoting their own agendas. We now note that they are doing so in an increasingly aggressive manner, and this is a development that is likely to escalate. In this context, it is important that all parts of society review their level of protection against such activities and make sure that it is adequate, says Fredrik Hallström.
The criminal investigation into breach of data security in the summer of 2023 was closed because the requirements for prosecution abroad or extradition to Sweden were not met.
Read the press release (in Swedish) published by the Swedish Prosecution Authority
Published
25 September 2024
Share this article