The Swedish Prosecutor’s Office has announced that a preliminary investigation carried out with the Swedish Security Service (Säpo) has concluded that the Iranian state, via the Islamic Revolutionary Guard Corps (IRGC), carried out a special operation against targets in Sweden. Hackers allegedly breached a Swedish company that runs a major SMS service last summer and sent out 15,000 messages calling for “revenge against Quran burners.”
“Through the investigation, we have been able to establish the identities of the Iranian hackers who carried out the serious data breach,” Mats Ljungqvist, senior prosecutor for the Prosecutor’s Office, said in a press release.
“We have succeeded in breaking this down at the corresponding individual level and can then connect it to the Revolutionary Guard, which in turn is directly connected to the Iranian regime,” said Fredrik Hallström, operations manager at Säpo, to the news agency TT.
However, Hallström refrained from going into any details about how the breach took place.
“A number of different steps are required from an actor who wants to carry out this type of attack. You don’t just throw yourself right into a data store and fire out messages. A lot of ingenuity is required for this type of work,” he said.
According to Ljungqvist, the purpose of the breach was an influence operation to impact public opinion in Sweden and increase conflict between various groups in society.
A group called Anzu, working on behalf of IRGC, infiltrated the Swedish company in July 2023, sending out private SMS messages to individuals on Aug. 1, 2023, calling for those who “insulted the Quran” to be “punished for their work.”
Known in Sweden as the “Korankrisen” (“Quran burning crisis”), several incidents of Quran burning occurred prior to the breach, most notably one on June 28, 2023, involving an Iraqi Assyrian refugee who set fire to the Quran outside the Stockholm Mosque.
The government is in the loop on the attack and is in contact with the responsible authorities, according to Minister of Justice Gunnar Strömmer.
“That a state actor, in this case Iran, according to the Security Police’s assessment is behind an action that aims to destabilize Sweden or increase polarization in our country is of course very serious,” Strömmer said in a comment to TT.
Because the attackers are acting on behalf of a foreign power, the Prosecutor’s Office has made concluded that there are no conditions for prosecution abroad or extradition to Sweden. The preliminary investigation has therefore been closed but can be reopened as long as the crime has not expired.
Säpo is now calling on Swedish organizations to improve their security.
“It is incredibly important that companies, authorities, and organizations have relevant protection linked to this type of activity. We are in a global situation today where it actually requires” every party to elevate its security posture, Hallström said to TT.
