Sweden says Iran behind cyberattack calling for revenge on Quran burners

Sweden’s domestic intelligence agency announced on Tuesday that hackers acting on behalf of the Iranian government were behind a cyberattack last year aimed at provoking divisions in the country following a stunt by a far-right political figure.

The Säkerhetspolisen (Swedish Security Service) said a cyber group working for Iran’s Islamic Revolutionary Guards Corp was behind the hack targeting a Swedish SMS service, intended to paint an image of Sweden as an Islamophobic country.

The stunt refers to an incident in Stockholm in which the Quran was set alight in front of the Turkish embassy by Rasmus Paludan, a dual Danish-Swedish national described as a “far-right politician and anti-Islam provocateur” by the Guardian.

According to the Public Prosecutor’s Office, after breaching the SMS service the Iranian hackers used their access to then send roughly 15,000 messages to people in Sweden calling for them to take revenge against Quran burners.

Senior prosecutor Mats Ljungqvist said that the Swedish authorities investigating the incident “have been able to establish the identities of the Iranian hackers who carried out the serious data breach.” 

Ljungqvist added that the investigation into those individuals had been closed given the unlikeliness that they would be prosecuted in Iran or extradited to Sweden.

However, the prosecutor’s office said: “The fact that the preliminary investigation has been closed does not mean that the suspected hackers have been completely written off. As long as the crime is not time-barred, prosecutors can reopen the preliminary investigation.”

Other hacker groups also attempted to exploit Paludan’s activities, with Anonymous Sudan — which is not believed to be genuinely associated with Sudan, but is alleged to be part of a Russian information operation — conducting attacks on Danish hospital websites and Scandinavian Airlines.

At the time of the Anonymous Sudan attacks, Sandra Barouta Elvin, a national security officer at Microsoft in Sweden, told the Swedish daily newspaper Aftonbladet that the responses to the Quran burning — both in terms of the coverage given to the incident by Russian media, and the potentially paid-for “activist” responses — indicated preparations had been made for a retaliation to Paludan’s stunt before it took place.

The attribution over the SMS incident follows the Säkerhetspolisen warning earlier this year that the Iranian regime was using “criminal networks in Sweden to carry out violent acts against other states, groups, or individuals in Sweden that Iran regards as threats.”

The use of criminal networks has similarly been seen elsewhere, including in the United States where an alleged Iranian drug trafficker with ties to Tehran’s intelligence services was charged with recruiting a member of the Hells Angels in a plot to murder an Iranian defector.