Sweden's E-Government Platform Source Code Leaked via Compromised CGI Infrastructure

Incident Overview

Threat actor ByteToBreach has leaked the entire source code of Sweden's E-Government platform, claiming it was obtained through compromised CGI Sverige AB infrastructure. CGI Sverige is the Swedish subsidiary of global IT services giant CGI Group and manages critical government digital services.

Compromised Data Categories

• Full E-Gov Platform Source Code
• Staff Database
• API Document Signing Systems
• Jenkins SSH Pivot Credentials
• RCE Test Endpoints
• Initial Foothold & Jailbreak Artifacts
• Citizen PII Databases (Sold Separately)
• Electronic Signing Documents (Sold Separately)

Attack Details

The disclosed vulnerabilities used in the attack include:

• Full Jenkins compromise
• Docker escape via the Jenkins user being in the Docker group
• SSH private key pivots
• Analysis of local .hprof files for reconnaissance
• SQL copy-to-program pivots

The actor makes a pointed note about companies blaming breaches on third parties, explicitly stating that this compromise belongs clearly to CGI infrastructure, referencing Viking Line and Slavia Pojistovna as other examples.

The source code is being released for free with multiple backup download links, while citizen databases are sold separately. This is the same actor behind the Viking Line breach posted yesterday.