Mats Ljungqvist from the Swedish Prosecution Authority, who is leader of the criminal investigation, told Swedish Radio news that he believes one perpetrator is behind all three attacks, but he wouldn't say why investigators thought so.
"Our main hypothesis is that it's the same culprit or culprits behind these attacks, and that will be our main hypothesis until we can say something else. What we are looking at right now is the method (of the attack) and comparing yesterday's attack with the previous attacks," said Ljungqvist.
It's difficult to track a perpetrator from a technical standpoint, said Ann-Marie Alverås Lovén, head of CERT, the division of the Swedish Civil Contingencies Agency that works with cyber security.
"You need a lot of technical data and also a bit of luck that the computers that have been involved in these attacks actually have logs and that you're able to get to those logs and they're your able to trace them. And that you don't end up in a dead end at some place which is unfortunately kind of common," she told Radio Sweden.
During Thursday's attack many news sites were down or difficult to access. The attack began at 9:30 PM, Holy Thursday night, and lasted two hours according to information from the Swedish Civil Contingencies Agency.
The major Swedish newspapers Dagens Nyheter, Aftonbladet, Dagens Industri, Swedish Dagbladet, Sydsvenskan, Dagens Industri and Expressen reported problems with their sites.
The attack was not as extensive as last weekend's, according to Thomas Mattsson, editor in chief for daily tabloid Expressen, .
"The news service had continued, and you were able to access the sites via alternative means," said Mattsson.
Thursday's attack is the third since a large, coodinated DDoS attack last Saturday. That attack prompted Minister for Home Affairs Anders Ygeman to invite the heads of media outlets for a meeting to discuss cyber security.