Sweden’s NATO membership may now be imminent, and this development could trigger a significant rise in cybersecurity attacks targeting Swedish organizations. This warning comes from Diana Selck-Paulsson, a cybersecurity researcher at Orange Cyberdefense, who has analyzed attack trends against Nordic entities. A substantial surge in attacks occurred when Finland joined NATO.
According to recent news reports, Turkey’s parliament has approved Sweden’s NATO accession, leaving only President Erdoğan’s formal ratification. Hungary has previously stated it does not want to be last in voting, which could mean Sweden becomes a NATO member very soon.
“There is a clear risk that Sweden will face a large number of cyberattacks, particularly from politically motivated threat actors such as NoName057(16),” says Diana Selck-Paulsson, security researcher at Orange Cyberdefense. NoName057(16) is a pro‑Russian actor that leverages a volunteer-based DDoS project called DDoSia to target Western organizations across both private and public sectors. NATO and its members are recurring targets for this group. Active since March 2022, the group has repeatedly targeted NATO members and venues for high-level meetings and similar events on more than 50 occasions.
When Finland joined NATO in April 2023, attacks were observed that reflected the political context of NATO accession. Threat actors used the political justification of NATO membership to target both private companies and public institutions in Finland.
Since joining NATO, Finland has experienced an increase in cyberattacks, a pattern that suggests Sweden could face similar pressure if it becomes a member. Actors like NoName057(16) might also inspire or recruit other threat groups to participate in coordinated attacks against Sweden both immediately and after a potential NATO accession. Preparedness is therefore essential: public and private organizations in Sweden should anticipate and plan for a rapid increase in the volume and intensity of cyber incidents.
To reduce risk, organizations should prioritize strengthening defenses, maintaining up-to-date incident response plans, and increasing collaboration with national cybersecurity authorities and sector peers. Enhanced monitoring, robust backup strategies, regular patching, clear communication channels, and staff training on phishing and social engineering can all help limit the impact of politically motivated campaigns. Given the observed trends in the Nordic region, proactive measures are critical to mitigate the heightened threat landscape associated with NATO accession.