Cyberattacks against Sweden: What is happening – and how can we ALL prepare? Published: June 12, 2025
In recent weeks, cyberattacks against Sweden’s critical societal functions have completely exploded. Public services, authorities and banks have all been hit by various types of attacks – from overload attacks to targeted intrusions. Most of the evidence points to a foreign power – probably Russia – being behind it. But why is this happening right now, and what does it mean for you and me? Can we do something, or are we just spectators while the great powers fight?
Why is this happening right now?
The attacks do not come out of nowhere. Here are some explanations:
NATO and geopolitics Sweden’s rapprochement with NATO and our changed security policy have provoked Russia. Historically, they respond with hybrid attacks: cyberattacks, influence operations and disinformation.
Election year and societal impact Ahead of the 2026 election, attackers want to sow division, create unrest and test how robust our digital society really is.
Vulnerabilities in the systems Many systems are vulnerable and not sufficiently protected. This applies to both authorities, companies and private individuals.
Is this the beginning of something bigger?
It is very possible. Overload attacks, intrusion attempts and influence against the media are classic steps in major campaigns – especially from state actors. The next step could very well be:
Destructive attacks on infrastructure (electricity, water, communication)
Targeted extortion attempts against companies or authorities
Massive disinformation spread on social media and via news sites
What can YOU do as a private individual?
It can feel overwhelming when the “cyber war of the great powers” seems to be beyond your control. But the fact is that the digital resilience of private individuals plays a major role – not just for yourself but for the entire society. Here are some simple but powerful tips:
Review your passwords Use unique, strong passwords for each service.
Enable two-factor authentication (2FA) where possible – especially on email, social media and important apps.
Use a password manager (e.g. Bitwarden, 1Password, KeePassXC).
Update your devices and applications Make sure your phone, computer and tablet have the latest updates.
Also update your apps and browsers regularly.
Be vigilant about scams and disinformation Don’t click on links in strange emails or SMS – even if they appear to come from “your bank” or “the Swedish Tax Agency”.
Don’t blindly trust sensational news on social media. Always check the sender and source.
If you get “urgent” messages (“you need to log in NOW or your account will be closed”) – take a deep breath and check first.
Back up what’s important Save important files and photos both in the cloud and on an external hard drive.
If something happens (e.g. ransomware), you can restore without paying a ransom.
Talk about digital risks with family and friends Help those who are less digitally savvy – especially older relatives – to set up 2FA, choose good passwords and recognize scams.
Have a plan B in case of major disruptions Think about what you will do if the internet or banking services are down for a few days. Have some cash at home, and think about how you will contact loved ones without the internet.
Community defense starts at home Swedish cyber defense is stronger than it was just a few years ago – but every individual is also part of the defense. If we all raise our digital threshold, we make society less vulnerable, both to state actors and cybercriminals.
Conclusion Sweden is currently under attack – and it is no coincidence. Geopolitics is shaking, and cybersecurity is the new front line. But we are not powerless: if companies, governments and individuals do their part, we will be much stronger when the next big wave comes.
CVE-2025-33053 & Stealth Falcon’s Espionage Campaign: Everything You Need to Know
A critical zero-day vulnerability, CVE-2025-33053, has recently been exploited in the wild by the APT group known as Stealth Falcon (also identified as “FruityArmor”). This attack targets a flaw in Windows’ WebDAV implementation and employs sophisticated payloads—including a custom implant dubbed Horus Agent. Here’s a full breakdown and advice on how to safeguard your systems.
🕵️ Who is Stealth Falcon? Stealth Falcon is an Advanced Persistent Threat (APT) group active since at least 2012, known for targeting government and defense organizations—primarily in the Middle East and Africa
Also referred to as “FruityArmor,” the group is believed to have backing ties to the UAE
Vulnerability Overview: CVE-2025-33053 Type: Remote Code Execution (RCE) in Windows’ WebDAV via manipulation of the working-directory during execution
CVSS Score: 8.8 (High severity)
Attack Vector: A phishing-based .url shortcut triggers a legitimate Windows tool (e.g., iediagcmd.exe) to run malicious executables hosted on attacker-controlled WebDAV servers
Microsoft released a patch for this flaw on June 10, 2025, even extending updates to legacy systems like Windows 8 and Server 2012
.
Attack Kill Chain Phishing delivery: A .url file disguised as a PDF (e.g., TLM.005_…pdf.url) tricks recipients into clicking a malicious link
Remote executable hijack: Using Windows’ working-directory resolution, iediagcmd.exe launches a malicious route.exe hosted on WebDAV
Loader deployment: route.exe, the Horus Loader, uses code virtualization to evade detection, displays decoy docs, and drops the payload
Implant installation: The final payload, Horus Agent, a custom C++ implant built on the Mythic C2 framework, enables system fingerprinting, shellcode injection, backdoor communication, keylogging, and credential theft
Who’s at Risk? High-value targets: Defense and government entities in the Middle East (e.g., Turkey, Qatar, Egypt, Yemen)
Broader threat: Now that the patch is public, cybercriminals may begin exploiting the vulnerability more widely—including ransomware actors
🛡️ How to Protect Yourself 1. Patch Immediately Apply Microsoft’s June 10, 2025 update for CVE‑2025‑33053—available even for legacy Windows versions darkreading.com
2. Limit .url/.lnk Exposure Block execution of .url, .lnk, .cpl files from email/download folders using Group Policy, AppLocker, or WDAC ampcuscyber.com .
Train users to recognize suspicious shortcuts disguised as attachments.
3. Restrict WebDAV Access Monitor or block connections to unknown WebDAV servers on port 443.
Detect when trusted Windows tools spawn from non-standard working directories kaspersky.com
4. Deploy Defense-in-Depth Use threat emulation, intrusion prevention systems, and endpoint protection (e.g., Check Point Harmony, PTR IPS) research.checkpoint.com
Monitor logs for unusual service installations (Event ID 7045), creation of PDF or VHD files, or .url files launching legitimate processes – indicators include filenames like TLM.005_*.pdf, %TEMP%\…vhdx, ds_notifier, etc.
5. Incident Response & Visibility Watch for new executables named route.exe, unusual file drops, or anomalous behavior from Edge/IE diagnostic tools.
Keep threat intelligence feeds up-to-date with IOCs like URL hashes provided by Check Point.
Summary CVE-2025-33053, exploited by Stealth Falcon, is a potent zero-day involving deceptive shortcut files and a sophisticated implant deployment pipeline culminating in the stealthy Horus Agent. If you haven’t already, patch now, enforce strict execution controls, and monitor your network for signs of exploitation.
Need help with implementation or want a deeper technical breakdown? Just reach out or leave a comment!
I have just arranged a machine in Proxmox with Ubuntu server that will be the base for this project, I gave it about 8 GB RAM and 100 GB Storage, that should be enough for this project. Since I have limited resources for this project, I will use a technique that will make sure that there will be a maximum of three models that are active at the same time, and then rotate so that the three are replaced all the time. I think that 10 “participants” is enough. Each model will be assigned different “personalities” that all have different interests, strengths and weaknesses with different guidelines for opinions and values.
Since it would take a while to load all the models as I have limited my 1GB line to 100Mbit on the server, I left it overnight but noticed that something went wrong when downloading the last models, I got this error:
It could be due to a problem with the server at Ollama or something else temporary, so I decided to initially settle for the models I already have..
Now it’s time to create a venv (Virtual Environment for Python) and install some dependencies for Python. 🐍
Since it is a new installation, I first needed to install the venv itself:
To build my venv I run:
To build my venv I run:
cd ~/aichatt # Or create and go into a new folder
python3 -m venv venv # Creates a folder called 'venv' with virtual environment
# Once that is done we need to activate the environment with :
source venv/bin/activate
# And we can proceed with installing dependencies;
pip3 install ollama discord.py python-dotenv
The virtual environment allows you to install packages for dependencies only in that environment, this is smart for several reasons. It is important not to forget to always run source venv/bin/activate before working with the bot, so that everything installs correctly!
# You can test your environment by:
which python
or
python --version
# They should point to your environment.
# Packages are installed in the environment with pip install for example: pip install flask
# To turn off the environment, we simply run: deactivate
# It is important not to forget to always run source venv/bin/activate before working with the bot, so that everything installs correctly!
Now it’s time to get started with the fun. I’m going to create these files:
Now i we crate agents.py It is in this file that i determine the “personalities” for the models. I assign them their roles. Here we can add different things but it is best to keep it simple.
AGENTS = [
{
"name": "haxor",
"model": "mistral",
"system_prompt": "You are an aggressive CTF pentester. Always look for vulnerabilities and enjoy debating with the others about security flaws."
},
{
"name": "softie",
"model": "phi",
"system_prompt": "You are positive, friendly, and always highlight the strengths in any technology. You avoid conflicts and promote harmony."
},
{
"name": "codelord",
"model": "codellama",
"system_prompt": "You are a strict, opinionated code reviewer. You insist on best practices and are quick to criticize bad code or lazy hacks."
},
{
"name": "paranoid",
"model": "llama3",
"system_prompt": "You are obsessed with security, always suspecting backdoors and hidden threats in everything. You trust nothing."
},
{
"name": "redteam",
"model": "neural-chat",
"system_prompt": "You are a sneaky red team operator. Always thinking offensively and suggesting creative ways to break into systems."
},
{
"name": "blueguardian",
"model": "orca-mini",
"system_prompt": "You are a defensive expert who loves layered security. You always counter red team ideas with robust defense strategies."
}
]
The next step is to create the file agent_manager.py which is where, among other things, my function for rotating the models is located.
Now the file chat_handler.py is created, which as you probably understand,it handles the things related to the chat itself.
Now it’s time to write the code for main.py which is the most important part, this is where I create the function so they can interact and discuss with each other.
import discord
import os
import asyncio
from dotenv import load_dotenv
from agent_manager import AgentManager
from chat_handler import ask_agent
load_dotenv()
TOKEN = os.getenv("DISCORD_TOKEN")
CHANNEL_ID = int(os.getenv("DISCORD_CHANNEL_ID"))
intents = discord.Intents.default()
client = discord.Client(intents=intents)
manager = AgentManager()
conversation_history = []
async def debate_loop(channel):
global conversation_history
agent_cycle = manager.get_active()
idx = 0
while True:
agent = agent_cycle[idx % len(agent_cycle)]
response = await ask_agent(agent, conversation_history)
conversation_history.append({"role": "assistant", "content": response})
conversation_history = conversation_history[-15:]
await channel.send(f"**{agent['name']}**: {response}")
await asyncio.sleep(20)
idx += 1
# Rotate every cycle through the 3 agents
if idx % len(agent_cycle) == 0:
old, new = manager.rotate()
agent_cycle = manager.get_active()
if old and new:
await channel.send(f"_(Agent rotation: **{old}** sleeps, **{new}** joins the debate!)_")
@client.event
async def on_ready():
print(f"Logged in as {client.user}")
channel = client.get_channel(CHANNEL_ID)
await channel.send("🤖 Multi-agent AI debate started!")
asyncio.create_task(debate_loop(channel))
client.run(TOKEN)
Now all we have to do is start Ollama as a system service and then run main.py , but first we also need to create a bot in the Discord developer portal and give it the right permissions and then invite it to the server and channel. That’s it, it jumps into the channel but I notice that nothing more than that happens so I start troubleshooting and realize that I have way too little RAM allocated to run so many models at once, so I rewrite agents.py to:
AGENTS = [
{
"name": "softie",
"model": "phi",
"system_prompt": "You are positive, friendly, and always highlight the strengths in any technology."
},
{
"name": "coder",
"model": "codellama",
"system_prompt": "You are a strict code reviewer. You insist on best practices and are quick to criticize bad code."
},
{
"name": "neural",
"model": "neural-chat",
"system_prompt": "You are a sneaky red team operator. Always thinking offensively and suggesting creative ways to break into systems."
},
{
"name": "star",
"model": "starcoder",
"system_prompt": "You obsessively search for software bugs and vulnerabilities in every discussion."
}
]
and try loading a small model locally and test, at first it doesn’t get any contact with Ollama but then it starts but is very sluggish so I simply have to allocate more ram and then rewrite a bit so that only two – three models are used..
When I restarted the Ollama service, it spat out some things about not being able to communicate with Ollama, etc. but after restarting Ollama, I was now able to write in the chat on my own, but it just got an empty message. I will troubleshoot this and come back with a solution when I have found the error.
Wow, I finally got it working, as I thought it was all about resources and that the server was too weak and lacks a GPU. I tested instead on a regular computer with i7 processors, 32 GB RAM and a GTX 1060 with 6GB, and now it works as it should, at first I tested only with one model to see that it works, now I’m testing with two. I also changed a little in the code for main.py so that the models actually talk to each other and debate and respond to each other’s posts.
This is the updated main.py
import discord
import os
import asyncio
from dotenv import load_dotenv
from agent_manager import AgentManager
from chat_handler import ask_agent
load_dotenv()
TOKEN = os.getenv("DISCORD_TOKEN")
CHANNEL_ID = int(os.getenv("DISCORD_CHANNEL_ID"))
intents = discord.Intents.default()
client = discord.Client(intents=intents)
manager = AgentManager()
START_TOPIC = "Let's debate: What is the most exciting AI breakthrough in 2025?"
# Initial conversation history
conversation_history = [
{"role": "user", "content": START_TOPIC}
]
async def debate_loop(channel):
global conversation_history
agent_cycle = manager.get_active()
idx = 0
while True:
agent = agent_cycle[idx % len(agent_cycle)]
# Find the latest assistant message from another agent, or use the start topic
if len(conversation_history) > 1:
found = False
for prev in reversed(conversation_history):
if prev.get("agent") != agent['name'] and prev["role"] == "assistant":
last_message = prev["content"]
found = True
break
if not found:
last_message = START_TOPIC
else:
last_message = START_TOPIC
# Send a "thinking..." message for user experience
thinking_msg = await channel.send(f"*{agent['name']} is thinking...*")
prompt_history = [
{"role": "system", "content": agent["system_prompt"]},
{"role": "user", "content": last_message}
]
try:
print(f"[DEBUG] Asking agent: {agent['name']} about: {last_message}")
response = await ask_agent(agent, prompt_history)
print(f"[DEBUG] Agent {agent['name']} response: {response}")
except Exception as e:
response = f"(Error: {e})"
print(f"[ERROR] Failed to get response from {agent['name']}: {e}")
if not response.strip():
response = "(No answer, try again!)"
conversation_history.append({
"role": "assistant",
"agent": agent['name'],
"content": response
})
conversation_history = conversation_history[-15:]
# Edit "thinking..." message with real answer
await thinking_msg.edit(content=f"**{agent['name']}**: {response}")
await asyncio.sleep(10) # Shorter pause for faster debate!
idx += 1
# Rotate agents after each full cycle
if idx % len(agent_cycle) == 0:
old, new = manager.rotate()
agent_cycle = manager.get_active()
if old and new:
await channel.send(f"_(Agent rotation: **{old}** sleeps, **{new}** joins the debate!)_")
@client.event
async def on_ready():
print(f"Logged in as {client.user}")
print(f"Fetching channel ID: {CHANNEL_ID}")
channel = await client.fetch_channel(CHANNEL_ID)
print(f"Channel fetched: {channel}")
await channel.send("🤖 Multi-agent AI debate started!")
asyncio.create_task(debate_loop(channel))
client.run(TOKEN)
I changed the starting subject and then one of the models replied with a long text of 4000 characters. I had forgotten that Discord has a limit of 2000 characters so I had to make some changes again.
This code is added just before edit and/or send:
#Put the code directly before: await thinking_msg.edit(content=f"**{agent['name']}**: {response}")
# Discord max = 2000 chars
max_len = 2000
if len(response) > max_len:
response = response[:max_len - 40] + "\n\n[Message truncated...]"
# Example
max_len = 2000
if len(response) > max_len:
response = response[:max_len - 40] + "\n\n[Message truncated...]"
await thinking_msg.edit(content=f"**{agent['name']}**: {response}")
Finally..
Here we have now got everything working as intended, in this case there are only two models at the moment but it is easy to add more models and “personalities”. To take it a step further I am thinking of later adding so that it is not just a single starting topic but a list of topics that are randomised, it is not a gigantic project but I feel that I have now achieved the goal of the lab. You can find all the finished files and documentation on my GitHub.
I’m just starting a little lab where I’m going to let a few different local Ollama models meet in a chat on Discord. Each model will have their own personality and their own opinions on different things, but of course a little extra focus on hacking and security. I’m going to document all the steps I take and the problems and solutions I run into and post them here so you can follow it all, when everything is done I will of course put all the files on GitHub so anyone who wants can play with it. The lab will use an HP Microserver gen 8 with 16GB RAM and some suitable distro tx Ubuntu in a VM in Proxmox. I think I’ll start the project today during the day or afternoon. Happy Hacking!
Welcome to my brand new blog!If you’re reading this, you’ve found your way to a small corner of the internet dedicated to hacking, cybersecurity, and digital curiosity.
I go by Jull3Hax0r. I’m a penetration tester, CTF enthusiast, and Linux tinkerer based in Sweden. Here you’ll find everything from guides and write-ups to project logs, hacking tips, and the occasional cyber-meme. I spend most of my days breaking things (legally), building scripts and tools in Python and Bash, and hunting for vulnerabilities in networks, web apps, and embedded devices.
What to expect on this blog:
Deep dives into penetration testing techniques
OSINT investigations and tool development
Write-ups from Hack The Box, TryHackMe, and other CTFs
Linux tips, server security, and privacy tricks
Scripts, code snippets, and automation ideas
Stories from real-world hacking labs
I believe in learning by doing, sharing knowledge, and having fun along the way. Whether you’re a seasoned pentester, a hobbyist, or just starting out, I hope you’ll find something useful (or at least entertaining) here.
Feel free to reach out via the contact form or connect with me on GitHub or Jull3.se. Stay anonymous. Stay curious. Happy hacking!
