The computer attack unleashed on March 9 against the State Employment Public Employment Service (SEPE), which left the body in charge of managing unemployment benefits out of play for more than a week, was the work of a group of Russian cybercriminals. That is the conclusion reached by the analysts of the National Cryptological Center, dependent on the CNI secret service. Although initially the possibility that Russian official organizations were behind the cyberattack was considered, and this was advanced The confidential, no evidence has been found to support this hypothesis, according to government sources.
Experts from the National Intelligence Center (CNI) have carried out a forensic analysis of the attack, which was perpetrated with a Ryuk virus (a malicious program that locks computers or encrypts files and demands the payment of a ransom to release them) from servers hosted in Russia. , and have located their authorship in a group of cybercriminals. Some of these groups rent their services to individuals or states, like hitmen, making it difficult to identify the ultimate authorship, but there is no indication that this was the case in this case.
Suspicions of the involvement of official bodies were increased by the greater visibility that the Spanish Armed Forces currently have in Eastern Europe: A frigate (first the Colón and then the Méndez Núñez) is at the forefront of the second fleet of NATO surface ships (SNMG-2) and a mine hunter (the Tagus) is part of the second allied mine-fighting group (SNMCMG-2), both operating in the Black Sea; while six Spanish Eurofighters monitor Romania’s airspace during the months of February and March. Added to this is the deployment of a mechanized army battalion with more than 300 soldiers in Latvia; and the presence of a Spaniard, José Borrell, at the forefront of European diplomacy, who has imposed sanctions on Moscow for the imprisonment of opposition leader Alexéi Navalni.
Despite this, military sources assure that the friction of the Spanish troops with their Russian neighbors has been the usual ones in operations on the eastern border of NATO, without an escalation of tension having been detected: Russian ships have followed the movements of the allied fleets in the Black Sea and Spanish fighters have intercepted Russian aircraft flights without a transponder or flight plan near Romanian airspace.
Experts believe that the cyberattack is not related to these military movements and that the criminals simply took advantage of a security breach in the SEPE’s computer systems to sneak in, as they have done in other public institutions and private companies inside and outside Spain. Those responsible for the Ministry of Labor also assure that the cyberattack only affected the Windows operating system and that the attackers were unable to steal or encrypt the data of the millions of users of this service, since daily backups are made of all the formalities.
That does not mean, according to the sources consulted, that Russia has not tried to interfere in the internal Spanish situation by seeking to destabilize it. It did, they say, around the illegal referendum of October 1, 2017 in Catalonia, encouraging social polarization, but it has not done so now. Or, at least, it does not appear.
Eddie is an Australian news reporter with over 9 years in the industry and has published on Forbes and tech crunch.