No sensitive data was accessed and no ransom has been received, says the government. / sur

Spain's CSIC technology body still recovering from 'Russian' cyberattack two weeks ago

The Spanish government detected the attempted sabotage on 18 July and blames hackers backed by the Kremlin, but says they did not access sensitive data


The Consejo Superior de Investigaciones Científicas (CSIC), which is the heart of technology and innovation in Spain, has still not fully recovered from a cyberattack which occurred on 16 and 17 July and was detected a day later.

The sabotage took the form of ransomware – a malicious programme which generally impedes access to a computer’s basic functions – and according to the intelligence services it was the work of hackers backed and paid for by Vladimir Putin’s government. Two weeks later, some sections of the CSIC still have no internet connection.

Experts at the National Intelligence and Cryptology Centre (CCN) say the hackers were trying to hijack information from as many CSIC databases as possible. On Tuesday the Ministry of Science and Innovation issued a short statement confirming that the attack had been detected on 18 July and that the emergency protocol had immediately been implemented. The note said no sensitive or confidential information had been lost or stolen and that the attack was similar to those at the Max Planck Institute in Germany and Nasa.

Since March, when Russia added Spain and around 50 other countries to its list of ‘hostile countries’ because of their financial and military support for Ukraine, Spanish authorities have been on full alert in view of the threat the Kremlin poses to cybersecurity.

For specialists at the CCN there is no doubt, given the nature of this attack and other undisclosed factors, that Russia’s most dangerous groups of hackers – Fancy Bear and, especially, Cozy Bear – are behind the latest attempt at sabotage. Intelligence experts say the attacks are being carried out from computers based in Siberia, using ‘mirror’ systems.