Spanish police have arrested one of the leaders of the Kelvin Security hacking group, which is believed to be responsible for 90 cyber attacks against organizations in 300 countries since 2020. On Sunday morning, the Telegram channel of the Spanish National Police published news of the arrest of the head of the group’s financial department. The announcement links the threat actor to attacks on government institutions in Spain, Germany, Italy, Argentina, Chile and Japan, as well as in the United States.
“The group’s main targets are critical infrastructure and government offices, having attacked Getafe (Madrid), Camas (Seville), La Haba (Badajoz) and the Spanish government of Castile-La Mancha,” reads the machine translation of the message in Telegram.
Kelvin Security is a hacker group believed to be active since 2013 that exploits vulnerabilities in public-facing systems to obtain valid user credentials and steal sensitive data from compromised systems. The attackers have been active on hacker forums such as RaidForums and BreachForums, selling the stolen data or giving it to other threat actors for free. Two notable examples of Kelvin Security’s breaches are the attack on Vodafone Italia in November 2022 and the attack on US consulting firm Frost & Sullivan in June 2020. In both cases, Kelvin Security tried to sell the data obtained from the affected companies on hacking forums. Also, as recently as April 2023, cybersecurity company Cyfirma reported the discovery of links between Kelvin Security and ARES, a new cybercrime platform designed to sell databases stolen from government organizations.
Spanish police said several police units were involved in the enforcement activity and were coordinated by Alicante’s public prosecutor’s office. According to the document, on December 7, 2023, in Alicante, the police arrested one of the managers of Kelvin Security, who are citizens of Venezuela. The perpetrators were mainly involved in laundering the proceeds of crime from the sale of stolen data, which made it difficult to trace the money through cryptocurrency exchanges. Police say the investigation into the group began between 2021 and 2012. This shows how difficult it is to track and identify cybercriminals. Police have seized several electronic devices for forensic examination in the hope of identifying accomplices, data buyers, affiliates, etc. Law enforcement officials have released a video of the search of the attacker’s home and his arrest.