According to an analysis by International Cyber Digest, the leaked repositories appear to originate from an internal CGI GitLab instance. The exposed code includes core government platforms that millions of Swedes interact with daily: Mina Engagemang citizen services, the Signe electronic signature portal and the Företrädarregister authorization system that governs legal representation for organizations. The leak also contains database passwords, SMTP credentials, keystore files and embedded Git credentials exactly the type of authentication material that enables lateral movement through connected systems. Swedish IT security expert Anders Nilsson told SVT that “source code for several programs appears to exist, and from what I can see, the hack looks genuine.”