A suppressed cyberattack on the Spanish CSIC network revealed a Russian origin

Image of what a hacker might look like. Credit: Fam Veld/Shutterstock.com

A cyberattack that hit Spain’s CSIC network two weeks ago has been revealed to have originated in Russia.

As the Ministry of Science and Innovation reported on Tuesday, August 2, Spain’s CSIC (Higher Council for Scientific Research) was the target of a cyberattack originating from Russia on July 16 and 17, and is still affected, according to Larazon. are.

The organization and its affiliated centers had to disconnect from the Internet as a result, in an attempt to prevent the attack from spreading to CPISC centers not yet affected. Since the attack, only a quarter of the centers have regained their internet connection, although the government has said it hopes the problem will be resolved in the coming days.

This incident was initially covered up by the government, but after a letter was published in the ABC newspaper yesterday, Monday August 1, word quickly began to spread. The letter was sent by Pablo Chacon, a CSIC investigator.

Chacon referred to a “minor and localized computer attack” which led the Spanish cybersecurity authorities to “disconnect the entire Higher Council for Scientific Research from the Internet ‘sine die'”. It’s an ongoing situation, Chacon assured, which he called “shameful, the main investigative agency is inoperative and nobody cares”.

CSIC workers and researchers have been denouncing the situation on social networks for a few days. Antonio Turiel, a research scientist at CSIC’s Institute of Marine Sciences, pointed to the situation yesterday, saying that “the services are protected to avoid repetition”.

Meanwhile, German Tortosa, research technician at the Zaidin Experimental Station, a center belonging to the CSIC, assured this Sunday August 1 that: “The attack was contained by disconnecting us all at the same time, and now they are checking all the CSIC equipment one by one”.

The attack was detected on July 18 when “the protocol marked by the Cybersecurity Operations Center (COCS) and the National Center for Cryptology (NCC) was immediately activated”.

As a result, CSIC and associated centers were disconnected from the Internet, a situation that still persists in most of them. “This attack is similar to that suffered by other research facilities such as the Max Planck Institute or the United States National Aeronautics and Space Administration (NASA),” the ministry said.

No specific details about the attack were released by the government, although it said it was ransomware. This is a type of cyberattack in which affected computers are encrypted without their users being able to open them, usually until the victim pays a ransom.

In order to decrypt them and regain control, the ministry assures that “no loss or removal of sensitive and confidential information has been detected”.

Back To Top