Spanish police arrest hacker accused of attacks on NATO, US Army

A hacker who claimed responsibility for dozens of cyberattacks on government institutions in Spain and the U.S. was arrested by Spanish National Police. 

Spanish officials touted the arrest in a statement on Wednesday, accusing the unnamed hacker of breaching systems used by the U.S. Army, United Nations, the International Civil Aviation Organization, the North Atlantic Treaty Organization and several government bodies in Spain. 

Spanish police said they conducted an operation in conjunction with the Civil Guard last Tuesday to arrest the suspect, who was located in the town of Calpe. The suspect is accused of a variety of crimes including the disclosure of secrets, illegal access to computer systems, damage to computers and money laundering. 

“He also claimed responsibility for the attacks on dark web forums under different pseudonyms to avoid being identified and linked to the criminal acts,” the police said. “During the search of his home, computer equipment was seized and is being analyzed by specialists. The detainee had more than 50 cryptocurrency accounts with different types of crypto assets.”

The person arrested allegedly claimed responsibility for several high-profile attacks on Spanish institutions like the Ministry of Defense, the Civil Guard, the Ministry of Education, several Spanish universities and other private entities in the country. 

Spanish authorities began investigating him in February 2024 after multiple cyberattacks in which he allegedly accessed the personal information of employees and clients before posting them on cybercriminal forums. A complaint was filed by a business association in Madrid and police were able to trace his three pseudonyms back to him. 

They continued to track him throughout 2024 up until his attacks on the Ministry of Defense and the Civil Guard — carried out in December. 

Spanish National Police explained it was difficult to track the suspect because of his use of a web of anonymous messaging applications but they coordinated with other Spanish law enforcement agencies like the National Cryptologic Centre of the National Intelligence Centre as well as officials within EUROPOL and the U.S. Homeland Security Investigations.

The attack on the International Civil Aviation Organization was confirmed by the organization one month ago after an account called “Natohub” posted information from it on the cybercriminal platform BreachForums. 

The same account, which was registered about seven months ago, also claimed to have accessed the personal data of 14,000 delegates to the UN.

Spanish news outlets reported that the unnamed suspect is 18 years old and was released after appearing in court and having his passport seized. 

Spanish police have arrested multiple cybercriminals in recent months, joining with several law enforcement agencies in Europe and the U.S. to take down operations based in the country.