Sweden's airspace shut down by Russian APT, not a solar storm

A cyberattack launched by a Russian APT group may have jammed Sweden’s air traffic control capabilities, that was initially attributed to a solar storm.
A cyberattack launched by a Russian APT group may have jammed Sweden’s air traffic control capabilities, that was initially attributed to a solar storm.

In early November 2015, the Swedish Civil Aviation Administration announced that a solar storm had knocked out the country's air traffic control systems, causing the agency to cancel domestic and international flights flying into and departing from Swedish airports, shutting down the country's airspace for more than an hour.

A new report disputes the administration's version of the November events. According to the Norwegian publication Aldrimer.no, a cyberattack launched by a Russian APT group may have jammed Sweden's air traffic control capabilities.

Even as the aviation agency's representatives were busy detailing to media outlets the solar storm that they claimed “created disturbances in the Earth's magnetic field, which affected radar installations” (despite no nearby countries experiencing a disruption), Swedish officials were alerting NATO that the agency was being targeted in a serious cyberattack, according to the publication.

Two messages were sent to NATO, Aldrimer.no reported, speaking with a senior source at NATO, requesting anonymity. The APT group behind the attack was reportedly previously associated with Russia's military intelligence unit GRU, although the APT was not named.

The APT group APT28, also called Pawn Storm, has been linked to multiple attacks against political opponents and other nations, including the government of Turkey, an unnamed NATO country, Ukrainian political targets, and an activist punk rock band.

Sweden is not a NATO country, and is considerably more vulnerable to Russian aggression and cyberattacks, but the nation borders on NATO members Norway and Denmark.

Earlier this week, it was reported that attackers hacked Swedish military servers and used the servers to launch DDoS attacks against financial institutions in the U.S.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS