Spanish authorities have arrested a hacker believed to be responsible for cyberattacks targeting over 40 public and private organizations globally.
The suspect, apprehended on Tuesday in Calpe (Alicante), allegedly compromised sensitive data and disrupted critical services, including government agencies, international institutions, and private corporations.
The operation was a collaborative effort between the Policía Nacional and the Guardia Civil, with support from Europol, Homeland Security Investigations (HSI) of the United States, and Spain’s National Intelligence Center (CNI).
The detained individual faces charges of unauthorized access to systems, data breaches, computer sabotage, and money laundering.
Multinational Targets and Sophisticated Techniques
The hacker allegedly targeted high-profile entities such as Spain’s Ministry of Defense, the National Mint and Stamp Factory, the Ministry of Education, NATO, U.S. Army databases, and United Nations systems.
Spanish universities, the Generalitat Valenciana, and private enterprises were also victimized. Using pseudonyms on dark web forums, the suspect claimed responsibility for the attacks, often publicizing or selling stolen information.
Authorities revealed that the hacker demonstrated advanced technical expertise, utilizing anonymous messaging apps, encrypted browsing networks, and false identities to avoid detection.
Notably, their tactics included exploiting vulnerabilities to access databases containing sensitive employee and client information and deploying defacements to publicly humiliate victims.
Cryptocurrency Accounts Seized
During a search of the suspect’s residence, investigators confiscated multiple devices and discovered over 50 cryptocurrency accounts holding a variety of assets.
Specialists are analyzing the seized materials, with law enforcement suggesting that further criminal activities could be uncovered.
The suspect’s knowledge of blockchain technology enabled the laundering of proceeds from illicit activities, making efforts to track funds particularly challenging.
The investigation began in February 2024 after a Madrid-based business association reported stolen data posted on a dark web forum.
Further probes connected the suspect to several high-profile breaches, culminating in an attack on Spain’s Guardia Civil and Ministry of Defense databases in December 2024.
The breach prompted intensified efforts by the Guardia Civil’s Central Operational Unit, which ultimately identified and located the hacker.
This arrest highlights the importance of cross-border cooperation in combating cybercrime. The joint work of Spanish law enforcement with international partners like Europol and HSI was integral to the operation’s success.
As the investigation continues, officials emphasize the ongoing need for robust cybersecurity measures to safeguard critical infrastructure.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free