An Ongoing DDoS Campaign Targeting Sweden

Following an Islamophobic incident where the Qur’an was burned in Stockholm, Sweden, a new wave of cyber attacks, named #OpSweden, has emerged with significant distinctions from previous occurrences.The incident originated on June 28 when Swedish authorities granted a protest permit for an individual to burn the Qur’an near a central Stockholm Mosque after a previous request to burn outside Iraq’s embassy had been denied. Islamic-oriented threat actors and Russia-based hacking groups began to carry out attacks, citing this incident and Sweden’s rapprochement with NATO.

Figure 1. NoName057’s announcement of the attack., Sweden — *Figure 1. NoName057’s announcement of the attack.*

Pro-Russian hacker group NoName057(16), better known as NoName, was among the first to retaliate, launching a stark warning about a cyber-attack on Sweden. On June 28, NoName successfully targeted the Swedish Ministry of Finance websites and railway carrier SJ AB. In the days that ensued, a collection of known and lesser-known hacker groups, including Anonymous Sudan, Team 1919, Islamic Hacker Army, Host Kill Crew, US NEXUS HACKER, Mysterious Team Bangladesh, KEP TEAM, UserSec collective, Team Heroxr, Electronic Tigers Unit, Team R70, GANOSEC TEAM, and Turk Hack Team, orchestrated DDoS attacks on a myriad of Swedish websites.

Follow the Campaign on SOCRadar

While this campaign targeting Sweden is ongoing, mentioned threat groups continue sharing attack news on their Telegram channels. For further information about this campaign, IoCs, attack timeline, and DDoS mitigations, you can check the Campaigns tab on the SOCRadar Labs page or access the campaigns on the SOCRadar platform.