Sweden airport flights cancelled
Anonymous sources in NATO say Russian intelligence was behind a major cyberattack on Sweden that grounded flights for over five days in November 2015Reuters

Sources in the Swedish government have blamed Russian intelligence for causing a major cyberattack on Sweden's air traffic control system that lasted for at least five days in November 2015, allegedly due to Russia testing out its electronic warfare capabilities.

Between 4-9 November 2015, hundreds of domestic and international flights were grounded at multiple airports across Sweden due to its air traffic control system going offline. The attack caused the radar systems to stop working, which made the computer screens to go blank. This meant that air traffic controllers were unable to see any aircraft on their screens at all.

At the time, the Swedish Civil Aviation Administration publicly blamed a solar storm for knocking out air traffic control systems, which also impacted radar stations in Norway and Estonia. According to a Swedish military leaks news site, however, the real story was much deeper.

Anonymous sources told Aldrimer.no that during the attack, Swedish authorities traced the source of the attack to an Advanced Persistent Threat (APT) group that has previously been linked to the Russian military intelligence agency, Spetsnaz GRU. Although Sweden is not part of Nato, it was so concerned that it sent urgent messages warning neighbouring countries that are Natoallies about the ongoing cyberattacks.

"The message was passed on to NATO either by Sweden's National Defence Radio Establishment [Försvarets radioanstalt, FRA] or the Swedish Military Intelligence and Security Service [Militära underrättelse- och säkerhetstjänsten, MUST]," a senior Nato source told Aldrimer.no.

Krasukha-4
This is the Krasukha-4. It is a highly sophisticated electronic warfare system that is now being used to cloak its actions in Syria from Nato, as well as from IS and other rebel groupsVitaly V. Kuzmin, Wikimedia Commons

The source says that Swedish authorities were particularly concerned that Vattenfall, the Swedish state-owned power company, would be targeted by Russian hackers. As Vattenfall is one of the largest energy providers in Europe and owns several nuclear power plants in both Sweden and Germany, the potential damage from a cyberattack could have been astronomical.

The source also says that at the same time that Sweden issued its warning to neighbouring Nato countries, at the same time Nato independently detected that Russia instigated electronic warfare activity in the Baltic Sea region that was jamming air traffic communication channels. Nato traced the signals and they led to a large radio tower in the Russian enclave of Kaliningrad, to the south of Lithuania.

In October 2015, a month before the cyberattack on Sweden's air traffic control systems, a leading electronic warfare expert reported that Russia was using electronic warfare to both jam Islamic State (Isis) communications in Syria, as well as to mask its military activities from Nato.

The Swedish Civil Aviation Administration is currently investigating the true cause of the air traffic control system outage, but currently is not ready to release results from its analysis of data during the attack. Nato and the Swedish Armed Forces have both said they cannot comment on the issue.