Diana Selck-Paulsson
Lead Security Researcher, Orange Cyberdefense
October was Cybersecurity Awareness Month, but really every month is an awareness month for us. Recently, we have been examining how geopolitical and cyber dynamics intersect to impact Sweden and the broader Nordic region. As our reliance on digital infrastructure grows, so do the complexities of cyber threats that challenge our resilience. From cognitive attacks targeting public trust to the rise of artificial intelligence (AI) in cybercrime, here’s a look at what’s shaping the cybersecurity landscape—and why it matters for everyone, whether you work in IT, manage a business, or simply use technology in your daily life.
With several ongoing global wars—including, but not limited to, the war against Ukraine, the Hamas-Israel war, and the Sudanese Civil War—the Nordics are feeling the impact of heightened geopolitical tensions. These conflicts contribute to an increasingly complex threat environment, where the lines between physical and cyber domains blur, adding new challenges to Nordic and global cybersecurity.
As the Swedish Prime Minister Ulf Kristersson states in the latest National Security Strategy report:
When Russia launched its full-scale invasion of Ukraine, Sweden and many other countries woke up to a new security reality. We are currently in the most serious security situation since the Second World War. The return of big power politics, as evidenced by a number of authoritarian states, is a threat to the world order that has created decades of peace and prosperity.[1]
Sweden and Finland’s recent NATO memberships mark a significant shift for the Nordic region and its security dynamics. Finland joined NATO on April 4, 2023, followed by Sweden on March 7, 2024. This expansion was driven largely by the war against Ukraine, which motivated both countries to change their stance and join NATO to enhance their collective security. Denmark's significant financial aid to Ukraine, measured as one of the highest relative to GDP, underscores its active support in the conflict and positions it as a key player in European security matters. According to the Ukraine Support Tracker, Denmark and the other Nordic countries have allocated substantial resources, not only in direct financial aid but also in military and humanitarian assistance, making all Nordic countries standout contributors[2][3].
The chart below shows the latest Ukraine support tracker data published on 10th of October 2024.
Additionally, espionage remains a significant and growing threat for the Nordic countries, as highlighted in both Denmark’s recent cyber threat assessment and Norway’s Focus 2024 report. The Nordic region’s strategic position within NATO, coupled with its proximity to Russia and the Arctic, makes it a prime target for intelligence-gathering efforts by adversarial states. Norwegian intelligence agencies, for example, have noted an increase in Russian espionage activity, particularly via maritime routes, where Russian vessels operate in Nordic waters to monitor critical infrastructure and military movements. Similarly, the Danish report emphasizes the persistence of espionage attempts, with foreign actors targeting sensitive sectors, including energy, technology, and government operations[4][5].
The Nordic countries are increasingly targeted by hybrid tactics and influence operations. These tactics blend cyber-attacks, disinformation, espionage, and economic pressure to destabilize or influence political landscapes without direct confrontation. For example, Norway has faced espionage attempts linked to intelligence gathering on critical infrastructure, while Sweden has observed disinformation and influence campaigns aiming to sway public opinion and exploit social divides. These tactics aim to exploit vulnerabilities across various domains, making it challenging to identify a clear aggressor and complicating effective response measures[6][7].
These attacks leverage misinformation, social media, and fake news to undermine our confidence in institutions. This approach is not new in the Nordic region, but it has intensified due to recent geopolitical shifts. Norway’s recent elevation of its terror threat level in October 2024—linked to attacks on its Danish neighbor—reflects a region increasingly targeted by foreign influence and destabilizing activities[8]. Reports have also revealed that Iran actively exploits criminal networks within Sweden as part of its broader influence operations. This highlights a growing vulnerability to foreign influence that targets everything from political processes to social stability[9].
Russia is considered to be the greatest immediate threat across the Nordic region[10], particularly through its hybrid tactics that combine cyberattacks, influence operations, and economic pressure. Norway’s Focus 2024 threat assessment articulates how Russia’s intelligence and military posturing, especially in the High North, in the Arctic and the Baltic Sea, reflects an intention to assert influence and control in areas close to Nordic borders[11]. With the Nordic nations increasingly seen as NATO’s northern front, both Denmark and Norway stress the need for reinforced digital defenses and cross-border cooperation to mitigate risks effectively.
Further illustrating this, a recent warning from Germany highlighted Russia's active cyber threats against NATO and EU nations, stressing that critical infrastructure and political processes are at risk[12]. The FBI also exposed an extensive Russian disinformation campaign aimed at disrupting elections across Europe, a stark reminder of the stakes involved as democratic nations go through a year of elections in 2024. In a recent investigation into pro-Russian hacktivism, we found that the hacktivist activities are timed campaigns aiming to disrupt democratic processes such as elections. For example, we found Finland being targeted by cyberattacks during its presidential elections in January 2024, and we also saw other countries in Europe impacted by those campaigns[13].
For individuals, this trend underscores the importance of verifying information and being cautious about sharing unverified news. For organizations, the threat of cognitive attacks means building transparent communication channels and proactively countering misinformation to maintain public trust.
The merging of motives and tactics among state actors, hacktivists, and organized criminals is blurring the lines in cybersecurity. This trend is especially apparent in cyber extortion cases, where sensitive information is stolen and then held for ransom, with the threat of public exposure as leverage. In the Nordics, these tactics are increasingly employed by various groups with differing agendas but shared techniques.
Cyber extortion and hacktivism have taken on a more ruthless tone in recent years, targeting critical infrastructure and sensitive sectors like healthcare. In the past, certain areas were considered “off-limits,” but today’s attackers are showing little regard for human impact, as we saw last year when a hacktivist group targeted the Danish healthcare sector[14][15]. In Sweden’s case, an incident at the beginning of this year saw a well-established private hospital suffer a cyber extortion attack and be pressured for a ransom payment[16].
The Nordic region has been especially hard-hit by the rising cyber extortion trend, experiencing the highest growth in victims globally. The past year alone saw a 38% increase in cyber extortion incidents across Sweden, Denmark, Norway, and Finland, with Sweden experiencing a surge of 41%, Denmark close behind at 34%, Norway at 20% and Finland at 5%.
In our mid-year report we found that threat actors stick with what works: credentials are prime targets, providing direct access to networks. Remote access points like VPNs and RDP are regularly exploited, as are unpatched systems, which offer easy profit opportunities. Phishing and social engineering stay effective, bypassing technical defences by manipulating users. Attacks on hypervisors and virtual machines persist as well, reflecting the strategic focus on essential virtual infrastructures.
Individuals need to be aware of the growing ruthlessness of cybercriminals, while businesses must implement comprehensive cybersecurity measures to protect against data breaches and operational disruptions.
In recent years, hacktivism has evolved from scattered, ideologically driven attacks by groups like Anonymous to more structured operations, often aligning with national interests or specific political agendas. Key drivers behind this evolution include increased geopolitical tensions, technological advancements, and a rise in organized groups that blur the line between hacktivism and state-aligned cyber activity.
The Nordics have seen a surge in hacktivist activity, primarily from pro-Russian groups opposing NATO expansion and Western support for Ukraine. Shown below is our monitoring of one of the most active pro-Russian hacktivist groups since 2022. In the last two years, we have seen four of the Nordic countries regularly attacked by this group.
While most people are familiar with IT security, Operational Technology (OT) encompasses systems responsible for physical processes in essential infrastructure like power grids, water plants, and manufacturing. A cyberattack on these systems isn’t just about data loss; it could have devastating real-world consequences, disrupting essential services and potentially putting lives at risk.
In recent years, OT attacks have become increasingly sophisticated. For instance, a cyberattack on a Spanish bioenergy plant’s Supervisory Control and Data Acquisition (SCADA) system directly impacted physical operations. This incident illustrates how cyber threats can transition from virtual environments to physical systems with potentially catastrophic outcomes.
OT security in the Nordics, as in many other regions, shows increased vulnerabilities as IT and OT systems merge, creating new attack surfaces within critical infrastructure. A lack of specialized OT security skills and reliance on traditional IT tools complicates effective protection for sectors like energy and transportation.
The rapid development of generative AI (GenAI) has revolutionized productivity, enabling organizations to automate processes, analyze data, and improve efficiency. But this technology also brings significant cybersecurity challenges. GenAI can be manipulated to craft highly realistic phishing emails and deepfakes and to run highly sophisticated disinformation campaigns at unprecedented scale, making it a powerful tool for malicious actors. For Sweden and the Nordics, where digital trust is a key aspect of society, GenAI’s vulnerabilities are particularly relevant, especially when new technological developments are misused for malicious purposes that undermine stability.
AI itself is also susceptible to attacks. “Prompt injection” tactics are one way that adversaries manipulate AI-generated outputs to produce harmful content. This makes it essential for organizations using AI to understand these vulnerabilities and integrate safeguards to prevent exploitation.
As Cybersecurity Awareness Month comes to an end, it’s clear that the digital and geopolitical threats that the Nordic region is facing are complex and interwoven. With cognitive attacks eroding public trust, AI enabling sophisticated cybercrime, and the rise of targeted OT threats, the challenges are immense. The Nordic region has seen a 38% increase in cyber extortion incidents in the past year alone, and several calculated hacktivist campaigns, underscoring the severity of the threat and its impact across Sweden, Norway, Denmark and Finland.
Awareness is the first step toward resilience. Understanding these trends enables us to make smarter decisions about technology and security, whether by verifying news sources, protecting personal data, or supporting policies for stronger critical infrastructure protections. Cybersecurity is a shared responsibility—one that affects everyone, from tech experts to everyday users. By staying informed, practicing safe digital habits, and advocating for robust security measures, we can help ensure that Sweden and the Nordic region remain resilient in an increasingly complex cyber landscape.
[1] https://www.government.se/contentassets/dee95d002683482eba019df49db2801f/national-security-strategy_.pdf
[2] https://www.ifw-kiel.de/topics/war-against-ukraine/ukraine-support-tracker/
[3] https://www.regjeringen.no/no/tema/ukraina/tidslinje-regjeringens-handtering-av-krigen-i-ukraina/id2906711/
[4] https://www.rcinet.ca/eye-on-the-arctic/2024/02/20/counter-intelligence-agency-these-are-the-biggest-threats-against-sweden/
[5] https://www.politico.eu/article/norway-pm-jonas-gahr-store-russia-intelligence-nordic-seas-war-ukraine/
[6] https://www.nato.int/cps/en/natohq/topics_156338.htm
[7] https://globalsecurityreview.com/hybrid-and-non-linear-warfare-systematically-erases-the-divide-between-war-peace/
[8] https://nyheder.tv2.dk/krimi/2024-10-09-norge-haever-terrortrussel-forbinder-iran-til-angreb-i-koebenhavn
[9] https://www.sakerhetspolisen.se/ovriga-sidor/other-languages/english-engelska/press-room/news/news/2024-05-30-iran-is-using-criminal-networks-in-sweden.html
[10] https://www.government.se/contentassets/dee95d002683482eba019df49db2801f/national-security-strategy_.pdf
[11] https://www.etterretningstjenesten.no/publikasjoner/focus/Focus24_contents
[12] https://www.tv4.se/artikel/tt-240909-tyskcybervarning-eb2e4077/ryska-cyberangrepp-mot-nato-och-eu-lander
[13] We will publish more about these campaigns in our upcoming annual security report, the Security Navigator 2025. The report can be pre-ordered from 4th of November 2024: https://www.orangecyberdefense.com/global/security-navigator
[14] https://www.theregister.com/2023/02/28/anonymous_sudan_ddos_hospitals/
[15] https://therecord.media/danish-hospitals-hit-by-cyberattack-from-anonymous-sudan
[16] https://www.svt.se/nyheter/lokalt/stockholm/data-fran-cyberattack-mot-sjukhus-till-salu