Pro-Russian hackers attack websites of Spanish state institutions and media

by Lorraine Williamson
Russian cyberattack

Russian hackers have attacked the websites of Spain’s Interior Ministry, the INE, Moncloa, the Central Electoral Council and Correos, among others. The attacks by the pro-Russian group NoName057 began on 19 July, four days before 23 July, and are still active.  

The group of hackers closely linked to Russian intelligence, which has carried out a wave of attacks on state institutions and Spanish media, acted in response to “the support package announced by Pedro Sánchez for the armed conflict in Ukraine,” sources in the field of state cyber security assure Spanish online newspaper EL ESPAÑOL.  

Often an offensive by hackers lasts a few days. However, in the case of the attack against the websites of the Ministry of the Interior, Correos, the Central Electoral Council, the National Institute of Statistics (INE) or even against digital media such as EL ESPAÑOL, the hackers started the operation days before 23-J, and it has been sustained in the most important days of the electoral process.  

The date chosen, in the middle of the elections, is far from coincidental. Moreover, it is a usual strategy of the Kremlin’s intelligence services. According to state cyber security sources, the attack by the pro-Russian hacktivist group NoName057 began on 19 July. 

On Sunday, the group struck by trying to disable the Interior website, which at the time was essential for monitoring vote counting. Then, in the following days, identical cyberattacks followed against the media and websites such as those of the Constitutional Court, the ISDEFE – security consultancy – and the Ministry of Justice. 

According to the same sources, one of their virtual attacks even tried to take down the Royal Household website. However, in many of these cases, the affected companies and government agencies managed to stop the cybercriminals. 

Also read: Russian cyberattack shuts down Spain´s largest research agency

Cogesa Expats

Creating chaos  

These attempts to create chaos in crucial digital spaces were detected from the start. The National Institute for Cyber Security (INCIBE) detected the attack on various media on Tuesday morning. Some of the affected websites experienced accessibility problems in the early hours of the day. 

Both for its contributions to Ukraine over the past 18 months, and for taking over the European Union presidency in July, Spain finds itself in Vladimir Putin’s Russia’s crosshairs. There is a common denominator in the recent attacks and that is the way they are trying to take down all institutional and private websites. The cyberattack has been carried out through a so-called denial-of-service (DdoS) attack. This involves sending huge flow of traffic to a website to block it.  

Moreover, state cyber security sources claim it is a relatively easy threat to stop. 

Defence and cybersecurity alert 

The Spanish state’s cyber security services are focused on online threats. 

This year alone, between 50 and 60 serious attacks aimed at bringing down the public sector have been detected. Generally, these attacks are carried out by international groups, mostly from Russia. The threat of possible Russian interference at a key moment in this election year was one of the main concerns. Therefore, the Ministry of Interior activated an election coordination network, with the priorities of detecting and acting against disinformation campaigns and threats such as those currently received. 

According to intelligence sources consulted, Kremlin attacks in Spain have increased since the beginning of the invasion of Ukraine in February 2022.  

Also read: Spain asks officials to change passwords against cyberattacks

You may also like