Swedish Security Service warns — constant cyberattacks on Swedish organizations
Säkerhetspolisen annual report confirms: cyberattacks against Swedish organizations are constant. What SMBs should do now.
Sweden's Security Service (Säkerhetspolisen) has released its annual threat assessment. The message is clear: cyberattacks against Swedish public and private sector organizations are constant and ongoing.
CERT-SE highlights the report in its weekly briefing v.12 alongside concrete threats: the Interlock ransomware group is actively exploiting a Cisco FMC vulnerability (CVE-2026-20131), and the DarkSword iOS attack chain has been confirmed in active use.
Russia front and center
The same week, CISA and FBI issued a joint advisory warning that Russian intelligence services are actively compromising WhatsApp and Signal accounts. Thousands of accounts have been taken over globally. Attackers can read messages, view contact lists, and send messages as the victim.
The Region Värmland phishing breach — where attackers had access to email accounts for months — shows that Swedish organizations are already targets.
What this means for your business
Even a 10-person company has data that interests attackers: customer lists, proposals, credentials that can be used as a stepping stone to larger targets.
Concrete steps
- Review anti-phishing policies in
Defender for Office 365— is impersonation protection enabled? - Run an awareness session focused on phishing via messaging apps — not just email.
- Check Conditional Access — do you require compliant devices and MFA for all apps?
- Review Intune MAM policies to protect company data in WhatsApp and Signal.
How we can help
We offer a Security Assessment (half day) reviewing your security posture against Säpo recommendations, or an Awareness Package with tailored training. Contact us.