DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Dangerous hacker responsible for more than 40 cyberattacks on strategic organizations arrested (1)

Posted on February 5, 2025February 6, 2025 by Dissent

Joint operation of the National Police and the Civil Guard  press release:

The suspect, who claimed responsibility for the intrusions into dark web forums, managed to access the computer services of public and private entities, including the Civil Guard, the Ministry of Defense, the National Mint and Stamp Factory, the Ministry of Education, Vocational Training and Sports, the Generalitat Valenciana, various Spanish universities, databases of NATO and the US Army, as well as other international companies and entities.

During the search, the agents have seized cryptocurrencies and various computer material which is being analyzed by specialists, who do not rule out the clarification of other criminal acts.

February 5, 2025. National Police.

05/02/25.   Watch the video on the National Police’s X.com account.

Agents of the National Police, in a joint operation with the Civil Guard, arrested, last Tuesday in the town of Calpe (Alicante), a person for his alleged participation in the crimes of discovery and disclosure of secrets, illegal access to computer systems, computer damage and money laundering.

The detainee carried out multiple attacks on the IT services of national and international companies and entities, including public services and government agencies. He also claimed responsibility for the attacks on dark web forums under different pseudonyms to avoid being identified and linked to the criminal acts.

During the search of his home, multiple computer equipment was seized, which is being analysed by specialists and other similar events are not ruled out. In addition, the detainee had more than 50 cryptocurrency accounts with different types of cryptoassets, a significant fact of the extensive knowledge that the arrested man has of the blockchain world.

He changed his pseudonym frequently to avoid detection.

Following these events, and during 2024, various cyberattacks against other entities, public bodies and even Spanish universities took place. Subsequently, and using up to three different pseudonyms, he attacked international bodies and government-type organisations by accessing databases with personal information of employees and clients, as well as internal documents that were subsequently sold or freely published on forums.

Cyberattacks carried out against important institutions

The National Police began the investigation in February of last year following a complaint from a Madrid business association after detecting a post on a forum specialising in data leaks, where they claimed to be in possession of information from their website. After carrying out the first steps, the agents found that not only had data been extracted, but the portal had been defaced, displaying a message in which it could be read that the system had been hacked.

Following these events, and throughout 2024, the investigated actor carried out numerous cyberattacks, including the attack on the National Mint and Stamp Factory, the State Public Employment Service, the Ministry of Education, Vocational Training and Sports, various Spanish universities, as well as databases of NATO, the United States Army, the General Directorate of Traffic, the Generalitat Valenciana, the United Nations, the International Civil Aviation Organization, and his latest claimed attack, two databases of the Civil Guard and the Ministry of Defense.

This latest attack, carried out at the end of December 2024, led the Central Operational Unit of the Civil Guard to carry out an investigation and identify the same target as the perpetrator, with the operational exploitation being carried out jointly by both police forces.

Measures to hide navigation trails during attacks

The suspect, who had extensive knowledge of computers, had managed to set up a complex technological network through the use of anonymous messaging and browsing applications, through which he had managed to hide his tracks and thus make his identification difficult.

The operation, which was carried out jointly by agents of the National Police and the Civil Guard, had the decisive collaboration of the National Cryptologic Centre (CCN) of the National Intelligence Centre (CNI).

At the international level, there has been collaboration with EUROPOL and the Homeland Security Investigations (HSI) of the USA.

Update: See also Bleeping Computer’s coverage, as they identify the young hacker as having used the moniker “natohub” on BreachForums. That account has now been banned on BreachForums because “he can be fedded.”  A post on BreachForums today called “LOCK4J (NATOHUB) ARRESTED BY THE SPANISH NATIONAL POLICE AND THE CIVIL GUARD” appears to have come under the control of law enforcement and claims:

Hi BF
The threat actor who controlled this profile lock4j (aka natohub / m1000 / dsf / gpt / skibiditoilet69) has been arrested in Alicante (SPAIN) by the Spanish National Police and the Civil Guard. Now, he will have to face justice for the cyberattacks carried out. 

The acts promoted in this forum are being investigated by law enforcement agencies, and engaging in them carries legal consequences. Law Enforcement Agencies worldwide work together in the pursuit of these activities.

 

Category: Hack

Post navigation

← A 25-Year-Old With Elon Musk Ties Has Direct Access to the Federal Payment System
Hackers target Taliban databases →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.