Full Source Code of Sweden's E-Government Platform Leaked from Compromised CGI

darkwebinformer.com · reimertz · 17 hours ago · view on HN · vulnerability
0 net
Tags
docker facebook info-disclosure malware rce
Full Source Code of Sweden's E-Government Platform Leaked From Compromised CGI Sverige Infrastructure Skip to content Leaks Full Source Code of Sweden's E-Government Platform Leaked From Compromised CGI Sverige Infrastructure , and Dark Web Informer March 12, 2026 . 6:34 PM 7 min read 𝕏 Share on Facebook Share on Pinterest Share on LinkedIn Share on WhatsApp Share via Email Dark Web Informer - Cyber Threat Intelligence Full Source Code of Sweden's E-Government Platform Leaked From Compromised CGI Sverige Infrastructure March 12, 2026 - 6:25:21 PM UTC Sweden Government / IT Services Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more. View API Unlock Exclusive Cyber Threat Intelligence Powered by DarkWebInformer.com Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously. Subscribe Now Quick Facts Date & Time 2026-03-12 18:25:21 UTC Threat Actor ByteToBreach Victim Country Sweden Industry Government / IT Services Victim Organization CGI Sverige AB Affected Platform Sweden E-Gov Platform Category Source Code Leak Severity Critical Network Open Web Price Free (Source Code) Incident Overview A threat actor going by ByteToBreach has leaked the entire source code of Sweden's E-Government platform, claiming it was obtained through a heavily compromised CGI Sverige AB infrastructure. CGI Sverige is the Swedish subsidiary of global IT services giant CGI Group and manages critical government digital services. This is the same actor behind the Viking Line breach posted yesterday. The actor emphasizes this is the full E-Gov platform source code and not just configuration snippets. They state that the Swedish e-government is the most affected party, and note that citizen PII databases and electronic signing documents were also collected but are being sold separately. A staff database, API document signing system, RCE test endpoints, initial foothold details, jailbreak artifacts, and Jenkins SSH pivot credentials are all included in the listing alongside the source code. The disclosed vulnerabilities used in the attack include a full Jenkins compromise, Docker escape via the Jenkins user being in the Docker group, SSH private key pivots, analysis of local .hprof files for reconnaissance, and SQL copy-to-program pivots. The actor makes a pointed note about companies blaming breaches on third parties, explicitly stating that this compromise belongs clearly to CGI infrastructure, referencing Viking Line and Slavia Pojistovna as other examples. The source code is being released for free with multiple backup download links, while citizen databases are sold separately. Compromised Data Categories Full E-Gov Platform Source Code Staff Database API Document Signing Systems Jenkins SSH Pivot Credentials RCE Test Endpoints Initial Foothold & Jailbreak Artifacts Citizen PII Databases (Sold Separately) Electronic Signing Documents (Sold Separately) Claim URL - For Subscribers Only The claim URL for this listing can be found on the Threat Feed or Ransomware Feed for subscribers. Subscribe Now Image Preview Dark Web Informer © 2026 | Cyber Threat Intelligence DarkWebInformer.com Related Leaks 26,500 Exposed IoT Devices and 3,000 RTSP Cameras in Saudi Arabia Listed for Free Download , and Dark Web Informer March 12, 2026 Paid Members Public Leaks Viking Line Ferries Allegedly Breached With Full Passenger Database and Payment Data Leaked , and Dark Web Informer March 11, 2026 Paid Members Public Leaks Alleged Leak of Spanish Ministry of Finance Employee Data Including IDs, IBANs, and Personal Information , and Dark Web Informer March 10, 2026 Paid Members Public Leaks Yummy Rides Venezuela Driver Database Leaked With 30,000 Photos and Full Names , and Dark Web Informer March 9, 2026 Paid Members Public Latest Articles Daily Dose of Dark Web Informer - March 12th, 2026 , and Dark Web Informer March 12, 2026 Paid Members Public Tools Sage: Avast's Agent Detection & Response Layer That Guards AI Coding Agents Against Malicious Commands , and Dark Web Informer March 12, 2026 Paid Members Public Malware Azury Infostealer Source Code Sold for $100 With Full Operator Panel, Crypto Wallet Theft, and Keylogging Capabilities , and Dark Web Informer March 12, 2026 Paid Members Public Data Breaches Alleged Breach of Austrian Trailer Manufacturer HB Brantner With Customer Data, NDAs, and Confidential Drawings Exfiltrated , and Dark Web Informer March 12, 2026 Paid Members Public Leaving Dark Web Informer You're about to visit an external website. Dark Web Informer is not responsible for the content or security of external sites. Don't show this warning again Stay Here Continue Subscribe with Crypto Subscribe to API
← Back to stories