Source code of Swedish e-government services has been leaked
19 hours ago
- #E-Government
- #Cybersecurity
- #Data Breach
- Threat actor ByteToBreach leaked Sweden's E-Government platform source code.
- Compromised CGI Sverige AB infrastructure was the source of the leak.
- Leaked data includes full source code, citizen PII databases, electronic signing documents, staff database, API document signing system, RCE test endpoints, and Jenkins SSH pivot credentials.
- Vulnerabilities exploited include Jenkins compromise, Docker escape, SSH private key pivots, and SQL copy-to-program pivots.
- Actor criticizes companies blaming breaches on third parties, citing CGI infrastructure as clearly responsible.
- Source code is released for free; citizen databases are sold separately.