The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020.
News of the arrest of a leader of the financial component of the group was posted to the Spanish National Police's
Telegram channel Sunday morning, stating that the threat actors are linked to attacks on government institutions across Spain, Germany, Italy, Argentina, Chile, Japan, and the United States.
"The group's main objectives are critical infrastructure and government institutions, having attacked the City Councils of Getafe (Madrid), Camas (Seville), La Haba (Badajoz) and the Government of Castilla-La Mancha in Spain," reads the machine-translated Telegram post.
Kelvin Security is a hacking group believed to have been active since 2013, leveraging vulnerabilities in public-facing systems to obtain valid user credentials and steal confidential data from breached systems.
The threat actors were active on hacking forums, such as RaidForums and BreachForums, where they would sell the stolen data or leak it for free to other threat actors.
Two notable examples of Kelvin Security breaches are an attack on
Vodafone Italia in November 2022 and a breach on U.S. consulting firm
Frost & Sullivan in June 2020.
In both cases, Kelvin Security attempted to sell the data they had obtained from the victimized companies on hacker forums.
More recently, in April 2023, cybersecurity firm Cyfirma reported discovering links between Kelvin Security and
ARES, a newly-emerged cybercrime platform dedicated to selling databases stolen from state organizations.
