The Civil Guard and the National Police, within the framework of the 'Abbadon-Theatre' operation, arrested a person last Tuesday in the town of Calp for his alleged participation in the crimes of discovery and disclosure of secrets, illegal access to computer systems, computer damage and money laundering.
The detainee carried out multiple attacks on the computer services of national and international companies and entities, including public services and government agencies. In addition, he claimed responsibility for the attacks on dark web forums under different pseudonyms to avoid being identified and linked to the criminal acts. Multiple computer equipment was seized during the search of his home, which is being analysed by specialists, and other similar incidents are not ruled out.
In addition, the detainee had more than 50 cryptocurrency accounts with different types of cryptoassets, a significant fact of the extensive knowledge that the arrested person has of the blockchain world. He frequently changed his pseudonym to avoid being detected. After these events, and during the year 2024, various cyberattacks occurred against other entities, public bodies and even Spanish universities. Subsequently, and using up to three different pseudonyms, he attacked international bodies and government organizations by accessing databases with personal information of employees and clients, as well as internal documents that were later sold or freely published on forums.
Cyberattacks carried out against important institutions
The investigation into this target was launched by the National Police in February last year, following a complaint from a Madrid business association after detecting a post on a forum specialising in data leaks, where they claimed to be in possession of information from their website. After carrying out the first steps, the agents found that not only had data been extracted, but the portal had been defaced, displaying a message in which it could be read that the system had been hacked.
Following these events and throughout 2024, this person carried out numerous cyberattacks, including the attack on the National Mint and Stamp Factory, the State Public Employment Service, the Ministry of Education, Vocational Training and Sports, various Spanish universities, as well as databases of NATO, the United States Army, the General Directorate of Traffic, the Generalitat Valenciana, the United Nations, the International Civil Aviation Organization, the Ministry of Defense and his latest claimed attack, on the Civil Guard. This last attack, carried out at the end of December 2024, led the Central Operational Unit of the Civil Guard to investigate it and identify the same target as the author, with the operational exploitation being carried out jointly by both police forces.
Measures to hide navigation trails during attacks
The detainee, with extensive knowledge of computers, had managed to set up a complex technological framework through the use of anonymous messaging and browsing applications through which he had managed to hide his tracks and thus make his identification difficult.
The operation, which was carried out jointly by agents of the Civil Guard and the National Police, had the collaboration of the National Cryptologic Centre (CCN) of the National Intelligence Centre (CNI).
At the international level, there has been collaboration between Europol and the Homeland Security Investigations (HSI) of the USA. The detainee has been placed at the disposal of the Court of Instruction on Duty of Dénia.
