Nixu Threat Intelligence Bulletin: Sweden Under Pressure – Advania & Kalmar Attacked

Nixu Threat Intelligence Team

February 8, 2024 at 16:00

In Nixu Threat Intelligence's January "TI Now" report, we touched on the major incidents impacting the threat landscape in January. Alarmingly, a number of events centred around Sweden, including Sweden's progress towards NATO membership and the Tietoevry ransomware attack. Now, in recent days, further Swedish entities have suffered substantial cyberattacks.

  1. 6 Feb 2024 - Kalmar Municipality suffers attack by Akira ransomware (same actor implicated in the Tietoevry breach). Kalmar's network was down, with a number of businesses and affiliated organisations impacted. Notably, there have been issues in accessing the records of health care patients and accessing facilities throughout the region.

  2. 6 Feb 2024 - IT service provider Advania uncovered an anomaly in a limited part of their client environment. It is clear that the intrusion was by an external actor. Advania has made two public statements on the event and has confidently stated it has contained the attack to one specific environment. Those clients have been informed. Advania has stated that no threat demands nor malicious code have yet been detected, making it unclear if this was an attempted ransomware attack or something else. Approximately 60 companies have been impacted, including the forced closure of health care centres.

Swedish organisations need to be on alert. This was also the message from Nixu's CISO Patrick Andersson in his recent article in Nya Wermlands-Tidningen, where he highlighted that "a multifaceted approach is required for integrating multiple layers of safeguards, driven by skilled employees, robust processes and advanced technology". He also recommended that "organisations feeling uncertain about their own cyber security capabilities should turn to experienced cybersecurity providers who can cover everything from vulnerability scans and penetration tests to priority action advice based on the organisation’s current maturity level".

Andersson also noted that "regardless of industry, a fundamental aspect of cyber security is having control over who has access to your networks and IT systems". This includes not only organisations' own IT providers but also organisations' direct partners along with their subcontractors. 


Link: https://www.svt.se/nyheter/lokalt/smaland/misstankt-it-attack-mot-kalmar-kommun
Link: https://www.advania.se/nyheter/information-om-pagaende-sakerhetsincident
Link: https://www.aftonbladet.se/nyheter/a/EQ6goP/vardcentraler-utsatta-for-it-attack
Link: https://www.nwt.se/2024/02/01/sa-rustar-du-dig-mot-framtidens-cyberattacker-254ed/

Next Steps
==========
- Implement Continuous Vulnerability Management in order to prioritise and tackle uncovered flaws.
- Use threat intelligence to catch the latest exploits, patches and mitigations that specifically affect your business - patch accordingly.  
- Use Multi-Factor Authentication (MFA) as widely as possible to secure accounts and throw up roadblocks in front of attackers. 
- Deploy Advanced Threat Hunting to uncover threats that have already bypassed traditional security tools.
- Deploy network and endpoint monitoring tools to protect your systems and look for evidence of encoded commands or the use of unauthorised scanning tools. 
- Know your suppliers, vendors, and other partners. Manage these relationships centrally and know what data they have access to and your dependency on them.
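
As an illustration of the endpoint-monitoring step above, the following added example (not Nixu's own tooling) triages process command lines for PowerShell encoded commands and for scanner binaries that have not been approved. The scanner list, the function names and the sample log lines are assumptions constructed for this sketch, and it assumes the process image path is unquoted and contains no spaces.

```python
import base64
import binascii
import re

# Assumption: example deny-list; replace with your organisation's own inventory.
UNAUTHORISED_SCANNERS = {"nmap.exe", "masscan.exe"}

POWERSHELL = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
# A command-line flag followed by a long base64-looking token.
FLAG_AND_BLOB = re.compile(r"[-/](\w+)\s+([A-Za-z0-9+/]{16,}={0,2})")


def is_encoded_flag(flag):
    """PowerShell accepts any prefix of -EncodedCommand, plus the alias -ec."""
    flag = flag.lower()
    return flag == "ec" or "encodedcommand".startswith(flag)


def decode_blob(blob):
    """-EncodedCommand carries base64 of UTF-16LE text; None if it is not that."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def triage(command_line):
    """Return (finding, detail) tuples for one process-creation command line."""
    findings = []
    if POWERSHELL.search(command_line):
        for flag, blob in FLAG_AND_BLOB.findall(command_line):
            if is_encoded_flag(flag):
                # Surface the decoded script so an analyst can read it directly.
                findings.append(("encoded_command", decode_blob(blob) or "<undecodable>"))
    parts = command_line.split()
    image = parts[0].rsplit("\\", 1)[-1].lower() if parts else ""
    if image in UNAUTHORISED_SCANNERS:
        findings.append(("unauthorised_scanner", image))
    return findings


# Constructed sample events (benign payload), not taken from any real incident.
_BLOB = base64.b64encode("Get-Date".encode("utf-16-le")).decode()
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE = [
    _PS + " -NoProfile -enc " + _BLOB,
    _PS + r" -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
    r"C:\Users\Public\nmap.exe 10.0.0.0/24",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line), "<-", line)
```

Matching on the flag prefix rather than the literal string `-EncodedCommand` matters because abbreviated forms such as `-enc` or `-e` are equally valid to PowerShell.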

--
Nixu Threat Intelligence
Nixu Corporation
threats@nixu.com
