Demo Free trial Request quote Contact me
29October
19 gigabytes highly sensitive data leaked - authorities & banks among the victims
In a statement from August 25, Gunnebo said that they had been subjected to a well-organized IT attack believed to be industrial espionage. Now 38,000 files with sensitive data have been leaked from their servers and published online. At the time of writing, Gunnebo has released no further information about the leak on their website. Among the victims of this attack are government agencies, companies, and banks, with blueprints of the parliament shell protection and bank vaults a part of the leaked data.
By Lydia Meneses Topics: Ransomware, Incident Reports





“In our work to identify vulnerabilities in the IT environment of companies and governmental agencies, we see a huge lack of insight. Not only do the systems themselves have vulnerabilities, but users are also usually easily manipulated. This type of incident is inevitable when the number of vulnerabilities that we see in business-critical systems. I’m surprised that this doesn’t happen more often. That this would be industrial espionage doesn’t sound likely, as all data was eventually published online. However, it may have been a way to make it look like just another ransomware attack. In such a case, it’s for sure unusually advanced.” says Stefan Thelberg, security expert and CEO of Holm Security.

A ransom attack

Based on the available information, Gunnebo negotiated with the hackers and eventually deciding not to pay the ransom. This most have been a difficult decision for Gunnebo to make and explains the time gap between the end of August until today.




“Gunnebo does the right thing by not paying the ransom. I wish I could say that it would improve the starting point for other organizations in the same situation. But unfortunately, this becomes a billboard for criminals that shows how devastating it is not to pay. The only winners here are those who today and in the future work even more actively with their cybersecurity defense.” says Stefan.


Likely scenarios

Stefan Thelberg describes the most likely scenarios around how hackers managed to come across massive amounts of sensitive data that subsequently got published on the internet.

User manipulation - social engineering

One or more users have been subjected to social manipulation. The most common is that it starts with a regular e-mail message that causes users to install a virus or ransomware. The virus then spreads further in the network and opens access for the hacker. The virus spreads in networks, exploiting known vulnerabilities.

The attack may have been a tailor-made attack aimed specifically at Gunnebo. Most likely, however, is that it was a general attack where they tried to get into several large organizations in a similar way.

Exposed vulnerability

One or more systems, probably exposed directly to the internet, got exploited by the hacker, that used it to get further into the systems in Gunnebo's network. Generally, a vulnerability is exploited immediately, giving the hacker control over systems.

Vulnerabilities usually occur because of outdated software or incorrectly configured.

About the author
Lydia has previous marketing experience from the gaming and consultant industry. Lydia has previously worked at Nielsen Media Research and holds a degree in Media and Communication Studies from Linköping University

Lydia Meneses
+46 (0)705-50 74 40
lydia.meneses@holmsecurity.com