Spanish law enforcement has dismantled a cybercriminal operation that targeted high-ranking government officials and journalists in what authorities describe as a threat to national security.
Hackers Targeted State Institutions and Media Figures in Coordinated Data Theft
The Spanish National Police have arrested two individuals in Las Palmas for their alleged involvement in a series of cyberattacks targeting the Spanish government and national media. Authorities say the attackers exfiltrated sensitive data belonging to senior government officials, regional leaders, and journalists, which they later leaked online to boost the value of the stolen information.
“The investigation began when agents detected the leakage of personal data affecting high-level institutions of the State across various mass communication channels and social networks,” Spanish police said in a public statement.
The suspects—whose names have not been disclosed—are accused of running a two-part operation. One handled the technical data theft, while the other was responsible for monetization, including selling stolen credentials and managing the associated cryptocurrency wallets.
Devices Seized in Raids May Reveal More Links
Police carried out the arrests at the suspects’ residences and seized numerous electronic devices. These are now under forensic examination. Authorities believe the contents could reveal additional accomplices, buyers, or further evidence tying the individuals to cybercriminal networks.
Investigators say the actors leaked samples of stolen data to gain notoriety and drive up the black-market value of the credentials and files they were selling.
Part of a Broader Crackdown on Cybercrime in Spain
This latest arrest is part of Spain’s growing efforts to clamp down on cybercrime operations with international ties. In February 2025, a hacker accused of breaching systems belonging to the Guardia Civil, the Ministry of Defense, NATO, the U.S. Army, and several universities was arrested.
In June 2025, authorities apprehended a British national in Palma de Mallorca suspected of being part of the Scattered Spider hacking group, which has targeted dozens of U.S. companies. And in December 2023, Spanish police arrested alleged leaders of Kelvin Security—a group responsible for more than 300 attacks across 90 countries over three years.
National Security Incidents Demand Strong Cyber Resilience
This case underscores the urgent need for governments and enterprises alike to protect against targeted attacks aimed at sensitive data. As cybercriminal tactics evolve, the ability to maintain operational continuity—even during a breach—is critical.
That means not only protecting networks but ensuring that data can be restored without compromise. Air-gapped and immutable backup systems are now a baseline requirement for any organization exposed to high-risk environments.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
