A computer infected with malware. / efe

Huge increase in cyberattacks since Russia declared Spain a "hostile country"

So far security experts say the danger level of these attacks has been low to medium, as if those responsible are issuing a warning


In the past month institutions and companies in Spain have suffered one of the biggest waves of cyberattacks ever. The sabotage campaign picked up again hours after the Kremlin included Spain on its list of ‘hostile countries’ because of its economic and military support for Ukraine, along with around 50 others.

For the moment, Spanish and US intelligence services say there are signs that the Russian secret services and their groups of paid hackers could be behind two of the most serious incidents. The first was the cyberattack suffered by Iberdrola on 15 March, when personal information about 1.3 million clients was stolen.

IP addresses

The second was the sabotage of the Spanish parliament systems on 24 March, carried out simultaneously on a large number of computers. A lot of the IP addresses detected by investigators were located in Siberia, which is regularly used by Russian hackers for launching attacks of this type. So far, experts say, despite the size of the offensive, the danger level of these attacks has been low to medium, as if those responsible were just “giving a warning”.


In fact, none of the recent cyberattacks have been as effective as the sabotage a year ago when SEPE services were affected for weeks by an attack of ransomware called ‘Ryuk’, created in 2018 and managed by “Russian cybercriminals”, according to Spanish intelligence sources. There were several reasons to believe this was carried out by the Kremlin, especially because the attackers did not ask for money in order to deactivate the data-grabbing programme.

The Spanish government believes these attacks are a very real threat, and on 30 March, as part of the macro-decree to alleviate the effects of the war in Ukraine, it introduced a measure to allow the administrations to bypass legal deadlines to avoid chaos and an avalanche of lawsuits in the event that “as a consequence of a cyber-incident the services and systems used for the processing of procedures is seriously affected”.