The Swedish civil aviation administration, the Luftfartsverket (LFV) may have been the victim of a large APT attack.
In early November last year, air traffic control centres around Sweden went down. Worryingly, the problem meant that air traffic controllers at Arlanda, Landvetter and Bromma airports couldnt see airplane traffic on their screens. Of course, this resulted in the cancellation of many flights.
Initially, a solar storm was blamed for the outage. But Aldrimer.no, a Swedish news outlet, believes different. Sources have told the outlet that during the outage, authorities sent warnings to NATO that air traffic control centres were under attack. Those warnings were then relayed to neighbouring countries Norway and Denmark.
Aldrimer goes on to report that at the same time that the purported attack was carried out NATO apparently detected offensive activity near the Baltic sea, tracing the signal back a radio tower located in Russian enclave Kaliningrad.
This, as it always does, left fingers pointed eastwards, towards one of the cyber-warfare giants of the world, Russia. SCMagazineUK.com spoke to Ewan Lawson, a cyber-warfare expert at the Royal United Services Institute.
"The Swedes have made a number of encouraging noises towards NATO," said Lawson, "perhaps this is a hint to them that this is not a direction they want to be moving in."
Russian suspicion of NATO and other Atlanticist institutions is well known, especially opposing NATO membership along Russia's European border. While many of Sweden's neighbours are part of NATO, Sweden has remained outside of the organisation.
That said, it is hard to lay the blame precisely at the door of the Kremlin, as proxies are widely believed to be responsible for many of the attacks initially attributed to 'Russia'. "There's an element of privateering to this", said Lawson, its probably "not the Russian government saying 'go attack the Swedish air traffic control'", but the product of a slightly more complex arrangement between Russian geopolitical objectives and those who might want to carry them out.
This news comes not long after it was revealed that Swedish military servers were used in 2013 to deploy DDoS attacks against US financial services.
The LFV have reached the conclusion of its investigation into the outage, finding that it was caused by radio emissions due to a solar flare.
In regards to the suspicion that a cyber-attack, Ulf Thibblin, Technical director at LFV said in a release,“there was nothing in our radar data- or Internet traffic logs to support or confirm a possible cyber attack. Also, we had the relationship in time with space weather, plus there were a few more technical reasons which excluded a cyber attack.”