Terrorism threats in Sweden and its implications in cyberspace

Terrorism threats in Sweden and its implications in cyberspace
2023-08-18 Paliscope

What is cyberterrorism?

In this blog, Paliscope defines cyberterrorism as using electronic systems to disrupt, influence, or destroy essential electronic systems, aiming to inflict physical harm on people, the economy, or the environment. These attacks aim to intimidate and influence a government’s or a civilian population’s decision-making and beliefs. 

At the heart of this form of terrorism lies the act or threat of violence.

At the heart of this form of terrorism lies the act or threat of violence. If no violent capital is involved, the assault might be better described as hacktivism, a form of activism where individuals penetrate digital systems to achieve political or societal aims without causing physical harm. 

The primary methods of cyber terrorists likely involve attacking critical infrastructure, such as electrical grids, transport systems, or communication networks, aiming to cause outages, disruption, or complete blackouts. Often, these attacks coincide with physical acts of terror. 

Differentiating cyberterrorism from other similar terms is essential to understand how terrorism and cyber are interrelated. For example, we see that the Terrorist use of ICTs refers to the utilization of Information Communication Technology (ICT) by terrorists to facilitate offline attacks, promote ideologies, or for fundraising. And, Cyberwarfare vs. Cyberterrorism, here the distinction is that cyber warfare generally involves state actors targeting other states. In contrast, cyberterrorism, typically by non-state actors, can target state and non-state entities. 

And now, let’s delve into cyberterrorism and what it means for Sweden.


Threat assessment: Cyberterrorism 

It’s essential to understand cyberterrorism motivations. While they might possess the financial means and technical skills, the real intent is to instill fear and disorder. They target critical infrastructures to cause significant disturbances. And, as digital space expands, the potential for hostile activities grows. For example, groups like the Islamic State (IS) have evolved digitally, utilizing online propaganda, recruitment, and training platforms. Although they can potentially harm target networks, their prime focus remains physical.

“…while groups like IS or other well-known terrorist groups like al-Qaeda might have intentions, they likely lack the capacity for large-scale cyber-attacks against Sweden’s critical infrastructures.

Furthermore, while groups like IS or other well-known terrorist groups like al-Qaeda might have intentions, they likely lack the capacity for large-scale cyber-attacks against Sweden’s critical infrastructures. Their primary ambition to instill fear in populations often finds a more direct route through physical terror. Yet, entities aligning with extremist narratives may target Swedish digital spaces to amplify fear and broaden their influence.  

In 2019, Carina, while studying Terrorism Studies at St. Andrews University, wrote an assessment of the Swedish Cybersecurity Strategy (2016) and its weaknesses and strengths in countering the cyberterrorism threat. Carina observes: 

“In cyberspace, boundaries are ever-shifting. The real challenge lies in adapting our cyber defense strategies to this fluid landscape and deciphering the motivations, actions, resources, and modus operandi of actors operating within the parameters of hybrid warfare.”

And today, Sweden is experiencing a rapid escalation in cyber threat perceptions, driven by multifaceted actors, from terror groups to state-sponsored entities, and the narrative must be accurately framed to address genuine threats and dispel unfounded speculations. Sometimes, cyberterrorism might be a cover for state actors operating their interests and pursuing their geopolitical strategy, and sometimes not. However, facts and attribution are paramount in cyberspace, and not always so easy to verify.

More on cyberterrorism, Oscar Rosengren, Cyber Analyst at Paliscope, delves deeper into the analysis and argues:

While the digital environment is evolving into a crucial part of everyday life, the attack surface for hostile activities is increasing. Even though al-Qaeda was first to explore opportunities in cyberspace in the early 2000s, the Islamic State (IS) pioneered when utilizing the digital environment as a means for terrorism ends.” 

In addition, Swedish terrorism expert Magnus Ranstorp recently warned that IS should not be excluded from the equation when assessing the contemporary al-Qaeda-linked threat. Hence, there is reason to account for the Paliscope known capabilities of IS-affiliated actors in cyberspace. In 2014, actors in the digital environment linked to IS utilized digital capabilities. Since then, IS has been increasing its digital footprint by establishing several affiliated organizations. IS’ digital operations have mainly focused on information and communication technology (ICT) to promote, facilitate, or engage in acts of terrorism.  

In the last decade, IS has frequently utilized online platforms to spread propaganda, enhance recruitment, and offer instructions and information on training and targets. Digital tools are also used to increase financing and enable more sophisticated cyberattacks. However, even though IS may possess capabilities to inflict harm on target networks, physical attacks still make up a prime focus on achieving strategic goals. 

Based on what has been accounted for above, it remains unlikely that elements linked to al-Qaeda or IS have the resources or incentives to conduct hostile cyber operations targeting Swedish critical infrastructure.  

If they can achieve their aims in the physical environment, such attacks will most likely be prioritized above operations in cyberspace. However, as the main objective of terrorist organizations always will be to instill fear and insecurity among targeted populations, it remains likely that entities and groups supporting the narratives of al-Qaeda and other Islamist extremist networks, as well as hacktivist groups guided by radical religious beliefs may take steps towards targeting Swedish organizations. Such operations may, in turn, instill further fear and allow for further influence that offers opportunities for influence by antagonistic states as well as a wide range of religiously and politically motivated threat actors in cyberspace.  

“…it remains likely that entities and groups supporting the narratives of al-Qaeda and other Islamist extremist networks, as well as hacktivist groups guided by radical religious beliefs may take steps towards targeting Swedish organizations.

However, with this said – for the cyber community – we cannot completely rule out cyber attacks; instead, we still have several reasons to prioritize cyber security in organizations.


Beyond Cyberterrorism: An Emerging Pattern 

Despite the anticipated rise of cyberterrorism, recent events reveal a nuanced pattern of cyber activity. Discerning these trends is paramount for cybersecurity experts as cyber boundaries blur and attribution remains elusive. 

One example of a starting point is in 2015 when an assault on a French TV station was investigated by French intelligence and US cybersecurity firm FireEye. Evidence suggested links between the attackers and the Russian state-backed Advanced Persistent Threat (APT) group, Fancy Bear. Here, given that the Caliphate Cyber Army initially claimed responsibility, suggests a potential nexus between Russian interests and pro-IS hacking entities, including hacktivists and cyber terrorists. 

Fast forward to December 2022 Sweden was thrown into the cyber spotlight with the campaign dubbed #OpSweden, provoked by Rasmus Paludan’s burning of the Quran outside the Turkish embassy. While this act triggered responses from multiple groups, state, and non-state, the overall threat level remained moderate in a broader national security context. However, a pivotal player in the anti-Sweden campaign was Anonymous Sudan. Despite asserting ties to the global Anonymous collective, speculations about links emerged associating Anonymous Sudan, and the #OpSweden campaign in early 2023 with various entities connected to Russia.  

Anonymous Sudan claims often appear inflated, and their primary strategy seems limited to DDoS attacks, with marginal impact on vital infrastructure. While their modus operandi mirrors those of terrorist cyber units, the actions of Anonymous Sudan and similar entities show a consistent trend of mounting tensions against Sweden. It’s plausible to infer that this might be part of a more extensive disinformation operation to stir negative sentiments within the Muslim diaspora about Sweden, which may increase hacktivist activities and acts affiliated with terrorist groups like al-Qaeda and IS. 


We anticipate that some state actors will persist in their information operations aiming to discredit Sweden, exploiting themes like “Islamophobia.” Islamist terror groups might also employ similar tactics. However, it’s crucial to note that there’s no evidence of any Islamist terror group’s ability to launch substantial cyber terror attacks and little less evidence of a cyberterrorist attack that caused significant destruction. Their aspirations might be clear, but their capabilities in the cyber domain need to be improved. Instead, we might witness a surge in propaganda, more disinformation campaigns, and increased attempts to tarnish Sweden’s image. But a significant proliferation of genuinely destructive cyber capabilities among these groups remains unseen. 

Sweden’s digital realm is undergoing increased strains from extremist narratives and potential state-sponsored cyber activities. While extremist factions such as al-Qaeda and IS actively participate in the discourse, their genuine cyber capabilities remain relatively modest. More concerning are the escalating disinformation campaigns, which might be orchestrated or exacerbated by state actors like Russia, aiming to exploit and widen societal rifts. Such operations seem to amplify tensions within the Muslim diaspora against Sweden, fueling unrest and presenting opportunities for hacktivist and extremist elements to further their agendas. 

This state of affairs is not a product of isolated incidents but an accumulation of events

This state of affairs is not a product of isolated incidents but an accumulation of events, particularly since Sweden’s tilt towards NATO. These strategically orchestrated campaigns aim to tarnish Sweden’s global reputation and undermine internal unity. And while entities like Anonymous Sudan assert a direct hand in cyber onslaughts, their impact on critical infrastructure appears marginal at best. However, their and other cybercriminal group’s activities and potential links to states like Russia, continue to cast a looming shadow over Sweden’s reputation and influence in cyberspace. 


Paliscope’s Advice

In cyberspace’s ever-evolving realm, organizations must proactively assess their security postures. Guided by insights from monitoring campaigns like #OpSweden. We emphasize the importance of a multi-dimensional approach such as the following strategies, influenced by common tactics seen from cyber terrorists and hacktivist groups: 

  • Increase bandwidth 
  • Leverage a CDN Solution or, even better, Multi CDN 
  • Implement server-level DDoS protection 
  • Plan for DDoS attacks ahead 
  • Remind yourself that you’re never ‘too small to be DDoS’ed 
  • Switch to a hybrid or cloud-based solution 
  • Bullet-proof your network hardware configurations

 It’s important to underscore that these suggestions are not a silver bullet. The cyberspace threat landscape is dynamic, and security measures should evolve accordingly. The key is a well-rounded strategy that is proactive, adaptive, and backed by continual risk assessment and understanding of threat actors in cyberspace. 

Paliscope is dedicated to fostering cyber-resilience across both the public and private sectors. Our multidisciplinary team, comprising cyber experts, political analysts, and data scientists, is equipped to provide bespoke security solutions. We’re here to guide, assist, and empower your organization to navigate the intricate web of digital threats and bolster your cyber defenses effectively. 

About Carina 

Carina Dios Falk serves as a Cyber Security Analyst at Paliscope, where her expertise extends beyond traditional cybersecurity to integrating Open-Source Intelligence (OSINT) with Artificial Intelligence (AI) for enhanced intelligence operations. With a profound interest in Cyber Defence, Swedish Protective Security, and counter-terrorism strategies, Carina consistently delved deep into cyber defense’s nuances. Her passion lies in synergizing societal challenges with the transformative power of intelligence and technological advancements. 

About Oscar 

Oscar is a cyber security analyst at Paliscope, mainly focusing on the overlap between threat actors in the digital and physical environment. His primary interest lies in the interconnection between geostrategic trends and the evolving and dynamic threat surface and its implications for organizations in the private and public sectors to promote societal resilience. Moreover, Oscar has extensive experience analyzing and monitoring asymmetric threat actors, mainly terrorist organizations in the Sahel region and Russia-affiliated proxies.