Impacts of Geopolitics to Cyberspace: Sweden Faces Intensifying Hacktivist Attacks

On June 28, Salwan Momika, an Iraqi immigrant to Sweden, burned a Qur’an outside a Stockholm mosque. This act, coinciding with the start of the Muslim Eid al-Adha holiday, included wiping his shoes with torn pages of the Qur’an and placing bacon inside, deeply offending Muslims.

Momika’s demonstration was legally permitted in Sweden after three months of legal proceedings and two court decisions. Identifying as a militant atheist, he aimed to denounce Islam and religion as evil. This incident has turned into a significant issue for Sweden as it seeks to join NATO.

Sweden’s NATO bid, requiring unanimous approval from member states including Turkiye, has been jeopardized by this incident. Turkiye and other countries with Muslim majorities reacted strongly, complicating the NATO aspirations further. We witnessed the real life effects of this incident as well as its reflections in the cyber arena. Especially cyber threat actors with the title “Hacktivist” made Sweden the main target at that time.

The incident in June was not the only incident, Salwan Momika’s repeated actions led to Sweden being targeted again and again, especially by Islamic-oriented hacktivist/hacker groups.

In fact, South Asian Hacktivist Groups, Middle Eastern Muslim Groups, and Iranian Groups, which came closer to each other during the Israel-Hamas conflict, became Russian sided in the cyber world in a sense. Of course, since Russian groups also contain many members of Muslim origin, both the same sensitive values and political agendas were aligned.

Also on the day of the incident, Vladimir Putin visited the predominantly Muslim Dagestan Autonomous Republic of the Russian Federation, where he received a copy of the Qur’an. This allowed him to emphasize that, unlike in Western countries, Qur’an burning is prohibited in Russia. Russia’s only gain in identifying common enemies was not the Muslim population.

Sweden and Ukraine

In the context of the Russia-Ukraine war, Sweden is seen as one of the leading states in terms of both aid packages and military aid. As the Government Offices of Sweden states: “Since Russia launched a full-scale invasion of Ukraine, Sweden has provided military, humanitarian and civil support to support Ukraine. Since February 2022, Sweden has contributed approximately SEK 52 billion (approx. EUR 4,5 billion*) to various initiatives that support Ukraine (29 May 2024). Together with the EU, Sweden has also adopted macroeconomic support and several sanctions packages against Russia.”

Of course, this makes Sweden a natural target for Russian hacktivist groups.

If we look at the dates, we can see that there were attacks parallel to the incident mentioned above. It was stated that the attacks were due to both the Qur’an burning incident and Ukrainian aid packages.

It also leads to the collaboration of many Russian “hacktivist” groups.

Sweden Joins NATO

Despite all the controversy, on March 7, Sweden officially joined the NATO military alliance, ending decades of neutrality amid rising concerns about Russia’s aggression in Europe following its invasion of Ukraine.

Although it was not said that the actions were taken because of the NATO joining, it was obvious that the attacks were intensifying.

Throughout the past week, the main target of NoName057 and Cyber Army of Russia remained as Sweden. Almost all of them were DDoS attacks. Furthermore, news about Sweden’s permission on the use of donated weapons on Russia’s territory sparked a new controversy.

Kyiv has persistently advocated for increased flexibility in targeting Russian sites, urging Western nations to remove restrictions on the use of donated weapons.

Although some countries have quietly acquiesced to this request, Ukraine’s key supporters like the US remain cautious due to concerns about potential escalation of the conflict. Thus, this important news continues to make Sweden the number one target.

Another pro-Russian group shared a NATO expansion map and stated that they would target Sweden.

After this post, they claimed an alleged attack. As in their saying:

“We attacked Sweden’s infrastructure. In this attack, we took control of HMI and PLCs belonging to Unitronics and Siemens in Stockholm. We also had access to a large number of Mobotix cameras across Sweden. Be careful, this is just the beginning of the game. “

How Do the Attacks Affect Cyberspace?

In summary, the recent geopolitical tensions may have significantly impacted Sweden’s cybersecurity landscape, particularly through the lens of hacktivism. Following the actions of Salwan Momika, Sweden has seen a marked increase in cyber attacks,

Thus, the act of Qur’an burning has not only incited outrage among Islamic countries but has also galvanized cyber threat actors. Hacktivist groups leverage the incident to justify their attacks, portraying them as a defense of religious values against perceived Western disrespect.

The cyber attacks primarily manifest as Distributed Denial-of-Service (DDoS) attacks aimed at crippling Swedish governmental and institutional websites. DDoS attacks are a favored method due to their simplicity and immediate impact, making them a go-to tactic for hacktivist groups seeking to cause disruption and draw attention to their causes. The volume and frequency of these attacks have increased in parallel with Sweden’s geopolitical actions and its support for Ukraine in the ongoing conflict with Russia.

Collaboration Among Hacktivist Groups

The geopolitical tensions have also fostered an unusual level of collaboration among disparate hacktivist groups. Middle Eastern, South Asian, and even some Russian-aligned groups have united in their cyber campaigns against Sweden. This convergence is partly driven by shared political and ideological motivations, reflecting a broader trend where geopolitical conflicts spill over into the cyber domain, creating a complex and multifaceted threat landscape.Lastly, Sweden’s bid to join NATO has further complicated the situation.

The Role of Cyber Threat Intelligence

Effective defense against these attacks hinges on robust Cyber Threat Intelligence. By analyzing the Tactics, Techniques, and Procedures (TTPs) of these hacktivist groups, cybersecurity teams can better anticipate and mitigate the impact of these attacks. CTI helps distinguish between credible threats and misinformation, ensuring a focused and effective cybersecurity response.

In conclusion, the geopolitical tensions surrounding Sweden have significantly heightened its vulnerability to hacktivist attacks. However, Sweden is neither the first nor the last victim of this intense interest.