Spain

Country

Ransomhouse Extortion Group Paralyzes Barcelona Hospital Operations.

March 6, 2023

A cyberattack has targeted one of Barcelona’s leading hospitals, shutting down its computer system and forcing the cancellation of 150 non-urgent operations and up to 3000 patient checkups. The hospital’s SAP system wasn’t impacted, but all applications and communications remain broken as work to restore critical systems continues. This means that patient information for physicians is out of reach, and the situation impacts care services.

In addition to the cancellations mentioned above, the hospital delayed 800 urgent cases and diverted patients to other hospitals.

read more

Cyberattack at Drug Distributor Alliance Healthcare Impacts Pharmacies in Spain.

March 17, 2023

A cyberattack on one of the main distributors of Catalan pharmacies, Alliance Healthcare, is disrupting medicines supplies, according to the Spanish daily ‘El País.’ A week later, the company’s website is still completely inaccessible. Alliance Healthcare’s billing systems and ordering processes are also in utter chaos, El País’ sources said. Outages led to supply delays, with pharmacies across the northeastern Catalonia region seeing the biggest impact.

While the affected company is one of the leading distributors to Catalan pharmacies, the industry has been able to cope with medicines supplies as they work with different distribution companies.

read more

Spanish Aerospace Company targeted by North Korean Lazarus Gang

September 29, 2023

Hackers connected to a notorious group within the North Korean government launched an attack against an aerospace company in Spain, according to researchers at security company ESET. In a report on Friday, researchers said they discovered a campaign by hackers connected to Lazarus — an infamous group that has stolen billions from cryptocurrency firms over the last two years.

The North Korean ‘Lazarus’ hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown ‘LightlessCan’ backdoor. The hackers utilized their ongoing “Operation Dreamjob” campaign, which entails approaching a target over LinkedIn and engaging in a fake employee recruitment process that, at some point, required the victim to download a file.

Employees of the unnamed company were sent messages on LinkedIn from a fake Meta recruiter and tricked into opening malicious files that purported to be coding quizzes or challenges. When opened, the files infect a victim’s device with a backdoor that would allow the hackers to conduct espionage, according to ESET.

read more

Customers’ Credit Card details Stolen at Spanish Airline: Air Europa

October 9, 2023

Spanish airline Air Europa, the country’s third-largest airline and a member of the SkyTeam alliance, warned customers on Monday 9 October to cancel their credit cards after attackers accessed their card information in a recent data breach. “We inform you that a cybersecurity incident was recently detected in one of our systems consisting of possible unauthorized access to your bank card data,” Air Europa said in emails sent to affected individuals and seen by BleepingComputer.

The credit card details exposed in the breach include card numbers, expiration dates, and the 3-digit CVV (Card Verification Value) code on the back of the payment cards. Air Europa warned affected customers to ask their banks to cancel their cards used on the airline’s website due to “the risk of card spoofing and fraud” and “to prevent possible fraudulent use.”

read more

Ransomware Attack Suspends All Services at Seville City Council – $1.5M Ransom Demanded

September 6, 2023

The Seville City Council has returned to paper notes and in-person procedures after suffering the hijacking of its computer systems by a group of cybercriminals, as confirmed by the City Council. The pirates demand a ransom of more than one million euros and the City Council refuses to pay or agree “with cybercriminals”

The hackers have claimed up to one and a half million dollars (1,396,642 euros) from the municipal government, although it has assured that “in no case will it negotiate with cybercriminals.” It is the second successful attack on the municipal website in three years.

All services have been affected.

read more

Seville Urban Transportation affected by cyberattack

November 6, 2022

The urban transport company of Seville (Tussam) has suffered a cyberattack that has disabled both the Tussam mobile application (App) and the information panels at bus stops that warn of the frequency of passage of the different lines.

The Seville Urban Transport Company (TUSSAM) disclosed that both the mobile application and the information panels at bus stops were disabled as a result. Resorting to manual means guaranteed the provision of public service at all times. The operation of the App and the website remained offline.

read more

Global Airline Technology Provider Accelya Hacked by AlphV/Black Cat.

August 23, 2022

Accelya, a technology provider for many of the world’s largest airlines, said it recently dealt with a ransomware attack impacting some of its systems.

Accelya provides services to Delta, British Airways, JetBlue, United, Virgin Atlantic, American Airlines and many more. The company confirmed Tuesday that company data was posted on a ransomware leak site. The AlphV/Black Cat ransomware group published data it allegedly stole from Accelya last Thursday. The group claimed to have stolen emails, worker contracts and more.

read more

Barcelona’s Damm Brewery Ransomware Attack

November 9, 2021

Spain’s second biggest beer maker Damm halted output at its main brewery outside Barcelona after a cyber attack hit its computer systems earlier this week, a spokesperson said November 12.
The attack hit the brewery on Nov. 9 night and for a few hours the plant in El Prat de Llobregat, which produces 7 million hectolitres of beer a year, was “entirely paralyzed”, said Olga Vidal, Damm’s head of communications.
A Damm spokesperson said the brewery had suffered a “computer incident in the operating system,” which was “under investigation.”
The same spokesperson said the brewery had activated its emergency response plan and was now working to restore production to its normal level.
Sources close to the brewery said the attack would have been more catastrophic had it taken place in the summer months when more beer is consumed. At that time of year, stocks only last around three days.

read more

Malware a Factor in Spanair Plane Crash

January 1, 2011

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more