Sweden's power grid operator Svenska Kraftnät confirms ransomware attack, data breach

Svenska kraftnät, Sweden's state-owned national power grid operator, has confirmed it suffered a data breach. The incident, discovered on October 25, 2025, and officially reported on October 26, 2025, has been claimed by the Everest ransomware gang.

The transmission system operator is responsible for managing approximately 15,000 kilometers of Sweden's high-voltage electricity grid and ensuring the nation's power supply remains stable and secure. Svenska kraftnät is also responsible for coordinating cross-border electricity exchanges and maintaining the balance and reliability of the energy market.

According to Cem Göcgören, Chief Information Security Officer at Svenska kraftnät, the organization is currently conducting an investigation to determine what information was compromised and how it might affect operations. The breach affected a limited external file transfer solution, not the core operational systems. 

Svenska kraftnät claims that there are currently no indications that the electricity system itself has been affected or compromised. Sweden's power infrastructure continues to operate normally, with no disruptions to electricity transmission or distribution across the country.

The Everest ransomware gang claims they had exfiltrated approximately 280 gigabytes of internal data. The threat actors warned they would publish the stolen data unless Svenska kraftnät complied with their ransom demands.

No details are disclosed about the exposed data or number of affected individuals. 

Svenska kraftnät reported the incident to the Swedish police, the Swedish Civil Contingencies Agency (MSB) and other government agencies specializing in cybersecurity and critical infrastructure protection. Cert-SE is supporting Svenska kraftnät. The Minister for Energy and Business Ebba Busch confirmed that authorities are in close contact with the agency.