The leader of the financial apparatus of a prominent hacker group arrested in Alicante

Oliver Thansan
09 December 2023 Saturday 15:27
Agents of the National Police arrested a person last Thursday in Alicante for his alleged connection with the hacker group 'Kelvin Security', an organization to which numerous attacks against institutions and companies around the world, including Spain, are linked. The arrested person is charged with the crimes of belonging to a criminal organization, disclosure of secrets, computer damage and money laundering.

The police operation was carried out by agents from the General Information Commission (CGI) in collaboration with the Alicante Provincial Information Brigade, and was coordinated by the Alicante Prosecutor's Office, all under the direction of the Court of Instruction number five of Alicante.

During the arrest, the detainee's home was searched. Numerous items and technical media were seized and are being analyzed by expert cybersecurity researchers. Yesterday morning, the detainee was brought before the head of the Court of Instruction number Seven of Alicante, acting as duty court, who ordered him sent to prison.

The investigation began in early December 2021, when the agents became aware of sophisticated cyber attacks against the computer systems of the Getafe (Madrid) and Camas (Seville) City Councils. Subsequently, the City Council of La Haba (Badajoz) and the Government of Castilla-La Mancha were also attacked.

After various efforts to identify the authors, cybersecurity experts found that the 'Kelvin Security' group had claimed the attacks on clandestine cybercriminal forums accessed through the 'Dark Web'. The exfiltrated confidential data was sold on these forums, where it was especially valuable to actors linked to third countries.

Subsequently, the agents verified that the group took advantage of vulnerabilities in web pages, software and information storage services of institutions and entities belonging to strategic sectors around the world to carry out a massive extraction of sensitive information, comprising internal data and the data of clients, workers and users.

'Kelvin Security', whose first records on the network date back to 2013, has profited from the sale of all this illicitly obtained information, having attacked more than 300 organizations in more than 90 countries in the last three years. In addition to Spain, its targets include countries such as the United States, Germany, Italy, Argentina, Chile and Japan.

The most recent attack, in mid-November 2023, was on the headquarters of an energy company. In this case, they managed to exfiltrate a database with confidential information on more than 85,000 clients of the multinational.

As a result of the investigation, specialists in the fight against cyber threats managed to identify the now detained person, the main person responsible for laundering the money obtained from the criminal activities of the hacktivist group. He is a Venezuelan citizen who operated mainly through the exchange of cryptocurrencies.