Summary

In 2023, a barrage of cyber assaults against Sweden signaled a massive shift in global dynamics. As Sweden worked towards joining NATO and supporting Ukraine with arms and humanitarian aid, we saw a massive shift in the global DDoS landscape. These attacks did not only target Sweden but also Ukraine, Finland, The United States, and Russia.  

In May 2023, NETSCOUT observed a 500 Gbps attack on our Swedish government infrastructure thanks to our global network visibility capabilities. As 2023 progressed, the record attacks strengthened by nearly 50% to 730 Gbps. These attacks and more, are highlighted in NETSCOUT’s 1H2023 Threat Report.  

Swedish DDoS Attack Trends In 2024

As we moved into 2024, the attacks against Sweden continued. Upon receiving approval votes from Turkey and Hungary, Sweden achieved succession to NATO, which was met with retaliation from many hacktivist groups. NETSCOUT detected the waves of geopolitical tension via DDoS attacks thanks to our cutting-edge visibility and data scale.

When Sweden’s Foreign Minister hinted at Hungary’s approval of their bid to join NATO on February 14, the onslaught began, with attack volume increasing to 636 on February 15. This signaled a spike in unseen tensions and retaliation from several politically motivated hacker groups. In fact, Russian hackers disrupted government operations in Sweden via ransomware attacks. This is similar, or even more intense, to what was experienced by other NATO member countries including Hungary, France, and Poland.

DDoS attacks against Sweden have shown increases as time has passed with some consistency, picking up significantly in mid 2023 into 2024, with the peak culminating on February 15, a 315% increase compared to the same date in 2023. See the daily details in the timeline below:  

Who Was Responsible for These DDoS Attacks?

Through our thorough investigation into the industry-leading access to internet traffic data, NETSCOUT’s ASERT team identified that the likely culprits of these attacks included the hacker groups NoName057, Anonymous Sudan, Russian Cyber Army Team, and Killnet. All these groups are politically motivated, supporting Russian ideals.  

For Threat Intelligence and DDoS Protection, Trust NETSCOUT

NESCOUT threat intelligence is second to none, thanks to partnerships with top-tier service providers. Our ATLAS Intelligence Feed (AIF) powers our DDoS protection solutions with the latest threat details to automate mitigation of known DDoS threats.  

The ASERT team and NETSCOUT, comprised of the leading DDoS experts, works to understand the global DDoS landscape. Learn more about the current scale of global DDoS in our DDoS Threat Intelligence Report.