Tag Archive for: Spanish

Ransomware gang demands €10 million after attacking Spanish council


The mayor of Calvià, a municipality on the Spanish island of Majorca, has said the city council will not be paying an approximately €10 million extortion fee demanded by criminals following a ransomware attack.

Calvià, a region on the southwestern part of the resort island, has around 50,000 residents who have been informed that the council is working to “recover normality as soon as possible.”

In a statement on the council’s website, it confirmed that a crisis cabinet had been formed to evaluate the scope of the cyberattack, which was discovered on Saturday morning.

“The IT Service, accompanied by a team of specialists, is working on the mandatory forensic analyses, as well as on the recovery processes of our affected services,” the statement said.

Mayor Juan Antonio Amengual has said he will not consider paying the extortion fee, as reported by the Majorca Daily Bulletin. He also released a video statement on social media.

Spain was among the Counter Ransomware Initiative signatories that last year pledged “relevant institutions under the authority of our national government should not pay ransomware extortion demands.”

As a result of the attack on Calvià, the council has had to temporarily suspend all administrative deadlines — for instance the submission of civil claims and requests — until the end of January.

The city council said it had contacted the cybercrime department of the Civil Guard and shared its preliminary forensic analysis.

“The city council deeply regrets the inconvenience that this situation may cause and reiterates its firm commitment to resolve the current situation in the most orderly, rapid and effective manner possible,” the website said.


Alexander Martin

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.


Spanish police say they nabbed leader of one of the world’s biggest hacking groups



Arrestee linked to Kelvin Security, which over last 3 years carried out more than 300 high-level attacks around the world – Anadolu Ajansı …


Prolific Spanish Teen Hacking Suspect Arrested


Spanish police have arrested a 19-year-old who they claim represents a national security threat due to the magnitude of the cyber-attacks he has conducted.

An investigation into Jose Luis Huertas (aka “Alcasec”) began after he allegedly hacked the national council of the judiciary (CGPJ) and tax agency, and stole data on over half a million Spaniards.

The individual subsequently created a database filled with this information, including personal data and bank account numbers, for onward sale to cyber-criminals, according to the Spanish National Police (Policia Nacional).

Huertas is also accused of building a de facto search engine – dubbed “Udyat,” or the “Eye of Horus” – to sell large volumes of stolen data.


The teen even boasted in a YouTube video of having access to the personal data of 90% of Spaniards, according to the police. Although the figure may have been an exaggeration, the Policia Nacional claimed that the volume of data stolen by Huertas was so significant that it made him a threat to national security.

Officers claimed that he led a life of luxury funded by this cyber-criminality, including going on expensive holidays, visiting high-end restaurants and wearing luxury brands.

Huertas allegedly laundered the proceeds of crime through cryptocurrency mixer services, although specialist investigators were still able to trace some of the funds.

When officers searched Huertas’s home and other premises, they seized a large volume of cash, documents, digital media, a motorcycle and a high-end vehicle.

Teenaged cyber-criminals are more common than one might suspect. Last year two British teenagers were charged with hacking offenses in relation to the infamous Lapsus$ extortion group. A teenager was also behind the much-publicized 2015 TalkTalk data breach.

Last year the UK’s National Crime Agency (NCA) claimed that children as young as nine have been able to launch DDoS attacks thanks to readily available online services.


Spanish hacker arrested, UK offensive cyber principles, eFile malware


Prominent Spanish hacker arrested

Spanish police arrested José Luis Huertas, known by the alias Alcasec, believed responsible for multiple notable cyberattacks in the country. Among other activities, he created the Udyat search engine used for selling stolen personal information. Police launched an investigation into his activity back in November, after a network breach at Spain’s national council of the judiciary in which data on over half a million taxpayers was stolen. He’s also charged with impersonating a media executive and money laundering.

(Bleeping Computer)

The UK’s Offensive Cyber Capabilities Principles

The UK’s National Cyber Force, or NCF, shared the principles it uses to conduct covert offensive cyber operations. The NCF qualified these by saying it “would rarely if ever get involved” if another response from the government would more effectively deal with a challenge from another nation state. The NCF outlines three overall principles: operations need to be accountable, precise, and calibrated. Its operations can include attacks against IT networks and technology to make them less effective or unable to function entirely. The document further places the NCF’s actions within the UK’s existing legal framework, attempting to show how the agency assesses targets for escalation and de-escalation.

(InfoSecurity Magazine)

eFile site serving malware

Bleeping Computer confirmed that the IRS-authorized e-file software service provider eFile.com had been delivering a malicious JavaScript file since at least April 1st. Some users on Reddit reported seeing suspicious behavior with the eFile site as far back as mid-March. The file prompts users to download a next-stage payload. Researchers at MalwareHunterTeam say this payload contained a Windows backdoor that could eventually give full access to machines, essentially communicating with a C2 server to enroll the machine into a full-on botnet. The malware is no longer on the site, and did not impact the IRS’ e-file infrastructure. Antivirus solutions are also reportedly spotting the malicious file.

(Bleeping Computer)

Most organizations identify high OT risk…
