Nuclear power stations, airports at risk after hackers breach security giant

News
By published

Gunnebo hack sees 38,000 sensitive documents leaked

hacker targeting a PC
(Image credit: Shutterstock)

Swedish security firm Gunnebo, which boasts a variety of high-level customers, including airports, banks, government agencies and nuclear plants, has had important documents stolen following a substantial hacking operation. Although the hack took place some months ago, the effects of the break-in are only just coming to light.

Back in March, Gunnebo Group was informed by KrebsOnSecurity that hackers had infiltrated its network and sold access to a criminal group with a history of deploying ransomware attacks. Some months later, Gunnebo confirmed that it had been the victim of a cyberattack but believed that due to its fast response, the impact would be insignificant.

It has now been revealed, however, that 38,000 documents were stolen during the attack and subsequently uploaded to a public server. It is thought that many of the documents are security blueprints, including details regarding at least two German banks and the Swedish parliament.

Not so secure

It’s not entirely clear how hackers gained access to Gunnebo’s network, although it is thought that it could involve the stolen credentials of a remote desktop protocol account being used by a Gunnebo member of staff. It has also been revealed that the stolen password in question was ‘password01’ – an embarrassing disclosure for any company, but particularly one working in the security industry.

According to reports, Gunnebo CEO Stefan Syrén has attempted to downplay the significance of the breach, adding that paying the ransom fee was never a consideration for the firm. Currently, it remains unclear how many individuals have accessed the server containing the stolen documents.

Although a security firm becoming the victim of a cyberattack is certainly ironic, it is not surprising. Gunnebo primarily deals in physical security products, including interlocking doors and video surveillance, which may explain why it took its eye off the ball when it came to its own digital security protocols.

Via KrebsOnSecurity

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Cybersecurity

Why OT security needs exposure management to break the cycle of endless patching
See more latest
Most Popular
Nimo N172 laptop
This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Student with headphones around her neck using a phone while sitting in a cafe in front of a laptop
One of the richest men in the world castigates the billions of dollars spent on buying laptops for US classrooms with no apparent improvements
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event