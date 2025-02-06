The Spanish National Police has arrested a hacker suspected of having breached national and international agencies (including the United Nation’s International Civil Aviation Organization and NATO), Spanish universities and companies, and released stolen data on the dark web.

The attacks

The National Police began the investigation in February 2024, after a Madrid business association discovered that a hacker boasted on an underground criminal forum that they have information stolen from the association’s website.

“Once the first steps were made, the agents found that he had not only extracted data, but had left the portal defaced, showing a message in which it could be read that they had hacked the system,” the National Police said.

The suspect was arrested in Calpe (Alicante province) last Tuesday in his home. The agents confiscated computer equipment, whose analysis may provide more clarity in the attacks claimed by the hacker and possibly into other crimes.

“Throughout 2024, the investigated actor was carrying out numerous cyberattacks, among which the attack on the National Coin and Stamp Factory, the State Public Employment Service, the Ministry of Education, Vocational Training and Sports, different Spanish universities, as well as NATO databases, the United States Army, the General Directorate of Traffic, the Generalitat Valenciana, the United Nations, the International Civil Aviation Organization, and its latest claimed attack, two databases of the Civil Guard and the Ministry of Defense,” the National Police shared.

That last attack, carried out at the end of December 2024, prompted an investigation by the Central Operational Unit of the Spanish Civil Guard, and the two law eforcement agencies joined forces to unmask the attacker.

The suspect

The UN ICAO hack was claimed by dark web forum user “Natohub” but, according to the National Police, the hacker used three different pseudonyms to muddy the waters.

His extensive knowledge of information systems and his used of anonymous messaging and browsing apps allowed him to remain unknown for a while.

Some of the data stolen from the various target organizations were leaked online by the hacker, and others were sold. The police found that the suspect had over 50 cryptocurrency accounts with different types of crypto assets.

The police did not reveal his name, but local news outlet La Razon says he is an 18-year-old man.

He is accused of discovery and disclosure of secrets, illegal access to computer systems, damage to computers and money laundering.