Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Spain. Show all posts
Spanish government data breach
Cyber Attacks cybercrime surge 2025 GordonFreeman hacker IDOR vulnerability exploit Ministry of Science cyberattack Spain Spanish government data breach

Spain Ministry of Science Cyberattack Triggers IT Shutdown, Hacker Claims Data Breach

 

A cyberattack targeting the Ministry of Science, Innovation and Universities has led to a partial shutdown of government IT infrastructure, interrupting essential digital services relied upon by researchers, universities, students, and businesses nationwide.

Authorities initially referred to the disruption as a “technical incident,” but mounting evidence — alongside confirmations from Spanish media — now indicates the event was the result of a cyberattack that may have compromised sensitive academic, personal, and financial data.

The ministry is a key pillar of Spain’s higher education and research framework. Any outage affecting its digital systems carries significant operational and administrative consequences, elevating the seriousness of the breach beyond a routine technical malfunction.

In a statement posted on its electronic headquarters, the ministry acknowledged the disruption and announced the temporary closure of several digital services.

“As a result of a technical incident that is currently being assessed, the electronic headquarters of the Ministry of Science, Innovation and Universities has been partially closed.”

The notice further stated: “All ongoing administrative procedures are suspended, safeguarding the rights and legitimate interests of all persons affected by said temporary closure, resulting in an extension of all deadlines for the various procedures affected.”

Officials added that deadline extensions would remain active: "until the complete resolution of the aforementioned incident occurs," citing Article 32 of Law 39/2015.

While the extension of deadlines offers procedural protection to affected users, the absence of immediate clarity regarding the nature of the disruption sparked concern among stakeholders.

Hacker Claims Responsibility for Breach

Concerns escalated after a threat actor operating under the alias Gordon Freeman appeared on underground forums claiming responsibility for the attack. The individual alleged exploitation of a critical Insecure Direct Object Reference (IDOR) vulnerability, which reportedly granted “full-admin-level access” to internal systems.

The attacker published sample screenshots online — though their authenticity has not been independently confirmed — showing what appear to be official documents, email addresses, enrollment records, and internal communications.

Spanish outlet OKDIARIO reported that a ministry spokesperson acknowledged the IT disruption stemmed from a cyberattack and confirmed that the electronic headquarters had been taken offline to evaluate the potential scope of the breach.

Although the forum where the leak was allegedly posted has since gone offline and the data has not resurfaced elsewhere, early indicators suggest the materials could be genuine. If verified, the breach would represent a significant failure in access control safeguards.
According to the attacker’s claims, the compromised data may include:
  • Scanned identification documents, including NIEs and passports
  • Email addresses
  • Payment confirmations displaying IBAN numbers
  • Academic transcripts and apostilled degrees
  • Curricula containing private personal details
If confirmed, the breach could expose thousands of students and researchers to identity theft, financial fraud, and long-term privacy risks. Academic records, once leaked, are particularly difficult to revoke or replace.

The incident reflects a broader cybersecurity challenge in Spain. Cybercrime now represents more than one in six recorded criminal offenses nationwide. Authorities have reported a 35% increase in cyberattacks this year, with daily incidents exceeding 45,000. Between late February and early March, reported attacks surged by 750% compared to the same timeframe last year.

During the week of 5–11 March 2025, Spain ranked as the most targeted country globally, accounting for 22.6% of all recorded cyber incidents — surpassing even the United States.

Experts attribute the trend to two primary factors: rapid digital transformation — accelerated by EU-backed modernization initiatives — and insufficient investment in cybersecurity infrastructure. Ransomware incidents alone have climbed 120%, disproportionately affecting public institutions and small-to-medium enterprises.


Read more »
Spain
Data Breach Data Leak Education ministry of science Online Platforms Spain

Spain’s Science Ministry Partially Shuts Online Systems After Suspected Cyber Incident

 



Spain’s Ministry of Science, Innovation and Universities has temporarily disabled parts of its digital infrastructure following what it described as a technical problem. The disruption has affected several online services used by citizens, universities, researchers, and businesses for official procedures and submissions. These platforms support important administrative functions and process sensitive information, which is why access was restricted as a precaution.

The ministry oversees national science policy, research programs, innovation initiatives, and higher education administration. Its systems handle high-value data, including academic and research records, application materials, and personal information linked to students and professionals. Because of the incident, multiple digital services were made unavailable, and active procedures were placed on hold to limit any potential risk to data or system integrity.

In a public notice on its official website, the ministry stated that the incident is under technical assessment and did not disclose further details at the time. The announcement clarified that the ministry’s online portal is only partially operational and that ongoing administrative processes have been paused to protect the rights and lawful interests of affected users. To reduce the impact of the outage, authorities confirmed that deadlines for affected procedures will be extended in line with Spain’s administrative law provisions, so applicants and institutions are not penalized for delays caused by the shutdown.

Separately, claims surfaced on underground online platforms from an individual alleging unauthorized access to the ministry’s systems. The person shared what they presented as sample data to support the claim and stated that additional information was available for sale. The material reportedly includes personal records, email information, application-related documents, and images of official paperwork. These claims have not been independently verified, and the online space where the samples were shared later became inaccessible.

The same individual alleged that access was gained by exploiting a security weakness that can allow users to reach restricted resources without proper authorization. Such flaws, when present in web applications, can expose internal systems if not properly secured. At this stage, the technical details of the claim remain unconfirmed by authorities.

Spanish media outlets have reported that a ministry spokesperson acknowledged that the service disruption is linked to a cybersecurity incident. However, officials have not confirmed whether any data was accessed or taken, nor have they outlined the scope of any potential compromise. The ministry has indicated that investigations are ongoing to determine what occurred and to restore services safely.

Cybersecurity experts consistently warn that public sector systems are frequent targets because of the volume and sensitivity of data they manage. Strong access controls, continuous monitoring, and timely security updates are critical to reducing exposure to such risks. Further updates from the ministry are expected once technical assessments are completed and the situation is fully clarified.

Read more »
Spain
Black Axe Gang Cyber Crime Europe Europol Germany Spain

Europol Cracks Down Gang Responsible for Cyber Crime Worth Billions


Europol’s joint operation to crackdown international gang

Europol recently arrested 34 people in Spain who are alleged to have a role in a global criminal gang called Black Axe. The operation was conducted by Spanish National Police and Bavarian State Criminal Police Office and Europol. 

Twenty eight individuals were arrested in Seville, three in Madrid and two in Malaga, and the last one in Barcelona. Among the 34 suspects, 10 individuals are from Nigeria. 

“The action resulted in 34 arrests and significant disruptions to the group's activities. Black Axe is a highly structured, hierarchical group with its origins in Nigeria and a global presence in dozens of countries,” Europol said in a press release on its website. 

About Black Axe 

Black Axe is infamous for its role in various cyber crimes like frauds, human trafficking, prostitution, drug trafficking, armed robbery, kidnapping, and malicious spiritual activities. The gang annually earns roughly billions of euros via these operations that have a massive impact. 

Officials suspect that Black Axe is responsible for fraud worth over 5.94 million euros. During the operation, the investigating agencies froze 119352 euros in bank accounts and seized 66403 euros in cash during home searches. 

The crackdown 

Germany and Spain's cross-border cooperation includes the deployment of two German officers on the scene on the day of action, the exchange of intelligence, and the provision of analytical support to Spanish investigators. 

The core group of the organized crime network, which recruits money mules in underprivileged communities with high unemployment rates, was the objective of the operation. The majority of these susceptible people are of Spanish nationality and are used to support the illegal activities of the network.

Europol's key role

Europol provided a variety of services to help this operation, such as intelligence analysis, a data sprint in Madrid, and on-the-spot assistance. Mapping the organization's structure across nations, centralizing data, exchanging important intelligence packages, and assisting with coordinated national investigations have all been made possible by Europol. 

In order to solve the problems caused by the group's scattered little cases, cross-border activities, and the blurring of crimes into "ordinary" local offenses, this strategy seeks to disrupt the group's operations and recover assets.



Read more »
User Privacy
Data Breach Fashion Retailer MANGO Spain User Privacy

MANGO Marketing Vendor Breach Exposes Customer Contact Details

 

MANGO, the Spanish fashion retailer, has disclosed a data breach affecting customer information due to a cyberattack on one of its external marketing service providers. The incident, revealed on October 14, 2025, involved unauthorized access to personal data used in marketing campaigns, prompting the company to notify affected customers directly.

The compromised data includes customers' first names, country of residence, postal codes, email addresses, and telephone numbers. Notably, sensitive details such as last names, banking information, credit card data, government-issued IDs, passports, and account credentials were not accessed, reducing the risk of financial fraud. Despite this, the exposed information could be leveraged by threat actors for targeted phishing campaigns, where attackers impersonate legitimate entities to trick individuals into revealing further personal or financial data.

MANGO emphasized that its corporate infrastructure and internal IT systems remained unaffected, with no disruption to business operations. The company confirmed that all security protocols were activated immediately upon detection of the breach at the third-party vendor, although the name of the compromised marketing partner has not been disclosed.

In response, MANGO has reported the incident to the Spanish Data Protection Agency (AEPD) and other relevant regulatory authorities, in compliance with data protection regulations. To assist concerned customers, the company has established a dedicated support channel, including an email address (personaldata@mango.com) and a toll-free hotline (900 150 543), where individuals can seek clarification and guidance regarding potential exposure.

Founded in 1984 and headquartered in Barcelona, MANGO operates over 2,800 physical and e-commerce stores across 120 countries. It employs approximately 16,300 people and generates an annual revenue of €3.3 billion, with nearly 30% derived from online sales. While the breach does not impact core business systems, the incident highlights the growing risks associated with third-party vendors in digital supply chains, particularly in the retail and fashion sectors that rely heavily on external marketing and customer engagement platforms.

At the time of reporting, no ransomware group has claimed responsibility for the attack, and the identity of the attackers remains unknown. Local media outlets reached out to MANGO for further details on the scope and technical aspects of the breach but had not received a response by publication.
Read more »
Spanish authorities
CPF nomination note Cyber Security iPad Report Singaporean woman Spain Spanish authorities

Report: Spanish Authorities Discover CPF Nomination Note on iPad of Slain Singaporean Woman in Spain

 

Singaporean authorities, along with two banks and Hong Kong police, thwarted a scam targeting a 70-year-old victim, recovering over S$370,000. The Singapore Police Force (SPF) disclosed that DBS detected suspicious transactions amounting to about S$180,000, promptly blocking further transfers and alerting the Anti-Scam Centre (ASC) who then informed Hong Kong's Anti-Deception Coordination Centre (ADDC).

The investigation into the killing of a Singaporean woman in Spain has taken a curious turn with the discovery of a Central Provident Fund (CPF) nomination note on her iPad. The note indicated her intention to nominate an individual as a beneficiary due to their longstanding friendship and mentioned a loan of US$50,000, raising questions about the motive behind the crime.

CPF, a mandatory social security savings scheme, allows individuals to nominate beneficiaries to receive their savings in the event of death. The presence of the note, dated Mar 24, found on the victim's iPad, suggests premeditation. The woman, identified as Ms Audrey Fang, was found dead with multiple stab wounds in Spain, where a Singaporean man, Mitchell Ong, was arrested in connection with her murder.

Concerns have arisen regarding the possibility of Ong being nominated as the beneficiary of Ms Fang's CPF money. Her family is taking steps to verify this and investigate any financial transactions, including transfers from her bank account. Doubts have been raised about the authenticity of the note, particularly regarding currency discrepancies and language usage.

Details surrounding Ms Fang's last-minute trip to Spain and her interactions with Ong before her death have also come to light. Her family finds the circumstances of her trip unusual, especially considering her impending plans for another holiday. Ong's behaviour, including extending his hotel stay and making dubious claims to hotel staff, adds complexity to the investigation.

Ms Fang's family is seeking closure and clarity on her relationship with Ong, as prosecutors pursue a significant sentence if he is convicted.
Read more »
Spain
Cyber Attacks Data Stolen Databreach Iberdrola Spain

1.3 million Iberdrola Customers Hit In Cyberattack

 

A few days ago, the Iberdrola group was hit by a cyberattack that successfully exposed the sensitive credentials of 1.3 million customers, the company confirmed. 

The company further added that the computer breach was stopped within a few hours and the matter was resolved the same day. However, unfortunately, the attack has affected 1.3 million users. The hackers, reportedly, could only access name, surname, and ID. They failed to get access to bank, tax, or electricity consumption data. The next day, once the breach was closed, the company detected massive attacks that did not achieve its objective. 

Following the attack, a statement was released by the company for its customers in which Iberdrola assured that all the necessary steps have been taken to mitigate the impact of the attack and no financial data such as bank details, account numbers, or credit cards details have been violated. Additionally, for future safety, the company has recommended its customers be more cautious of any emails or communications impersonating to be from Iberdrola. 

"If you have received the statement issued by the company, you must be vigilant and regularly monitor what information circulates on the Internet to detect if your private data is being used without your consent," the representatives added. 

The group was chaired by Ignacio Galán who brought forth the same attacks that took place in the Cercanías service in Madrid, in the Congress of Deputies, or in other European institutions. However, he said that the attackers have not had access to critical data. Further, Iberdrola revealed that “we were warned by the United States government about the possibility of a cyber-attack after the invasion of Ukraine.”

Iberdrola is a giant Spanish multinational electric utility company that has more than 34,000 employees serving around 31.67 million customers. The company has the largest shareholders in the global market. According to the 2013 report, the largest shareholder of the company was Qatar Investment Holding, Norges Bank, Kutxabank, and CaixaBank.

Read more »
Spain
Arrests Email Fraud Frauds Fraudsters Hackers Mobile Security Scam Sim Hijacking SIM Swapping Attacks Spain

Spanish Police Arrested SIM Swappers who Stole Money from Victims Bank Accounts

 

The Spanish National Police have arrested eight suspected members of a criminal organisation who used SIM swapping assaults to steal money from the victims' bank accounts. 

SIM switching assaults are used by criminals to get control of victims' phone numbers by duping mobile operator workers into transferring their numbers to SIMs controlled by the fraudsters. The attackers can steal money, cryptocurrency, and personal information, including contacts linked with online accounts, once a SIM has been stolen. Criminals could take over social media accounts and utilise SMS to circumvent 2FA services utilized by online services, including financial services. 

In the incident under investigation by Spanish police, the cybercriminal gained the victims' personal information and bank details via fraudulent emails in which they pretended to be their bank. The fraudsters were able to falsify the victims' official documents and use them to dupe phone store staff into issuing them with replica SIM cards. They were able to overcome SMS-based 2FA needed to access bank accounts and take the money once they had the SIM cards. 

The press release published by the Spanish National Police stated, “Agents of the National Police have dismantled a criminal organization dedicated, presumably, to bank fraud through the duplication of SIM cards. There are eight detainees based in Catalonia and acting throughout Spain who, through malicious messages and posing as a bank, obtained personal information and bank details to access the accounts of the victims whose identity they usurped through the falsification of official documents. With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank’s security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.”

The first SIM swapping attack linked to this group occurred in March 2021, when Spanish authorities received two reports about fraudulent transactions in different parts of the country. Crooks used bank transfers and digital quick payment services based in the region of Barcelona to launder the stolen funds. Seven people were arrested in Barcelona and one in Seville as a byproduct of the operation. The suspects' bank accounts were also banned by the authorities. 

The FBI announced this week that SIM swap attacks have increased, with the objective of stealing millions of dollars from victims by hijacking their mobile phone numbers. According to the FBI, US individuals have lost more than $68 million as a result of SIM switching assaults in 2021, with the number of complaints and damages nearly doubling since 2018. The FBI's Internet Crime Complaint Center (IC3) received 1,611 SIM switching assault reports in 2018, compared to 320 complaints between 2018 and 2002, resulting in a total loss of $12 million. 

Individuals should take the following steps, as per the FBI: 

• Do not post details regarding financial assets, such as bitcoin ownership or investment, on social networking platforms or forums. 
• Do not disclose the mobile number account details to representatives who ask for the account password or pin over the phone. Verify the call by calling the mobile carrier's customer support number. • Posting personal information online, such as your phone number, address, or other identifying information, is not a good idea. 
• To access online accounts, use a variety of unique passwords. 
• Any changes in SMS-based connectivity should be noted. 
• To gain access to online accounts, use strong multi-factor authentication solutions such as biometrics, physical security tokens, or standalone authentication software. 
• For easy login on mobile device applications, do not save passwords, usernames, or other information. 

On the other hand, mobile providers should take the following safety measures, according to the FBI: 

• Employees should be instructed and training sessions on SIM swapping should be held. 
• Examine incoming email addresses containing formal correspondence for minor differences that could make fraudulent addresses appear real and match the names of actual clients. 
• Establish stringent security standards that allow workers to effectively check customer credentials before transferring their phone numbers to a new device.
Read more »
WhatsApp
Backups malware phishing Phishing and Spam Spain Spanish WhatsApp

Bogus Backup Message from WhatsApp Delivers Malware to Spanish Users

 

Authorities in Spain have issued a warning about a phishing campaign that impersonates WhatsApp to deceive consumers into installing a trojan. The recipients are advised to get copies of their chats and call records from a website that only sells the NoPiques virus. 

The NoPiques (“Do not chop”) malware is packaged in an a.zip archive that infects vulnerable devices on execution. The Spanish language subject line for dangerous emails is often ‘Copia de seguridad de mensajes de WhatsApp *913071605 No (xxxxx)', however, this may not be the case always as it can vary. Unlike many malware-peddling phishing messages in English and other languages, the emails are written in grammatically correct Spanish, or at least with few faults. 

The Spanish National Cybersecurity Institute's (INCIBE) Oficina de Seguridad del Internauta (OSI) has issued a warning regarding the malware campaign. “If you haven't run the downloaded file, your device may not have been infected. All you have to do is delete the file that you will find in the download folder. You should also send the mail you have received to the trash,” said INCIBE. 

“If you have downloaded and run the malicious file, your device may have been infected. To protect your device, you must scan it with an updated antivirus or follow the steps that you will find in the device disinfection section. If you need support or assistance to eliminate the Trojan, INCIBE offers you its response and support service for security incidents,” they added. 

INCIBE said that they remind consumers: in case of doubt about the legitimacy of an email, they should not click on any link or download any attached file. To check the veracity, consumers can contact the company or the service that supposedly sent them the email, always through their official customer service channels. 

They also said that in addition, for greater security, it is advisable to periodically back up all the information that consumers consider important so that, if their computer is affected by a security incident, they do not lose it. They further added that it is also advisable to keep their devices updated and always protected with an antivirus.
Read more »
Targeted cyber attacks
Cyber Attacks Ministry of labour and social economy ransomware. Spain Targeted cyber attacks

Spanish Government Witnesses Cyber Attack

 

Earlier this morning, the Ministry of Labour and Social Economy of the Spanish government witnessed a cyber-attack. At the moment, Ministry did not comment on the specifications, nature, and severity of the attack. 

According to the official website of the department, the Ministry organizes and supervises Spain’s employment work, social economy, and look after social responsibility policies. This Ministerial Department has an annual budget of around €39 million. 

In the wake of the attack, the IT cyber-researchers at the department – an agency within Spain’s National Intelligence Centre from the National Cryptological Centre together with the Spanish Ministry of Labor and Social Economy (MITES) are investigating the attack and working to restore services. 

“The Ministry of Labor and Social Economy has been affected by a computer attack…” 

“…The technical managers of the Ministry and the National Cryptological Center are working together to determine the origin and restore normality as soon as possible," MITES’ media office said earlier today. 

After the cyber-attack the official website of the Ministry was still accessible, however, the communications office and the multimedia room were down. 

"The computer attack that the Ministry of Labor and Social Economy has suffered has NOT affected the operation of the State Public Employment Service, The Electronic Office, the website, and the set of services continue to be provided normally,"  SEPE reported. 

Furthermore, a government agency of the Spanish, Servicio Público de Empleo Estatal (SEPE) – a part of MITES that took a severe hit by ransomware in March due to which the services of the department were inaccessible for around two weeks – reported that it was not affected by the cyberattack. 

According to the resources, the SEPE department was hit by a Russian Ryuk ransomware gang on March 09, 2021.  As a result, over 700 agency offices across Spain were badly impacted. Besides, the agency’s workstations, the ransomware attack had impacted remote working stations of the department. It should be noted that the Spanish labor agency is the only ministry that has been hit by a ransomware attack in Spain.
Read more »
Spain
Employment Service malware Ranomware Attack Ryuk Ransomware SEPE Spain

Ryuk Ransomware Hits Spain's Employment Agency

 

The Spanish State Employment Service (SEPE) has been targeted by a ransomware attack which has resulted in hundreds of offices being knocked offline. According to Central Independent Trade Union and Civil Servants, the ransomware attack on SEPE has affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments.

SEPE is a Spanish government agency for labor that provides employment opportunities to the public. The ransomware is said to have spread beyond SEPE’s workstations and also targeted the agency’s remote working employees’ devices. 

The SEPE published a note on their website which said, “currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to the citizens, companies, benefit and employment offices. The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits.” 

According to Business Insider Spain, the cyberattack is the work of Ryuk ransomware. Ryuk is a ransomware-as-a-service (RaaS) group that’s been active since August 2018 and is known for running a private affiliate program. In this program, affiliates can submit applications and resumes to apply for membership. The threat group has targeted several organizations over the past year, such as Universal Health Services.

Gerardo Gutiérrez, director of SEPE confirmed that the agency’s network systems were encrypted by the Ryuk ransomware operators after the incident. “Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally,” he further added. 

According to Central Sindical Independiente y de Funcionarios (CSIF), the attack has caused hundreds of thousands of appointments made through the agency throughout Spain to be delayed. The ransomware has also spread beyond SEPE’s workstations and has reached the agency’s remote working staff’s laptops.
Read more »
Subscribe to: Comments (Atom)