A suspected cybercriminal, known by the alias Natohub on Breach Forums, has been arrested in Calpe, Alicante, following a joint operation by the National Police and the Civil Guard. The individual is accused of conducting over 40 cyberattacks targeting both public and private entities in Spain and abroad, resulting in the compromise of personal data and sensitive documents.
The Spanish government institutions reportedly affected include the Civil Guard, Ministries of Defence and Education, the National Currency and Timbre Factory, several Spanish universities, and the Generalitat Valenciana. Additionally, databases belonging to international organizations such as NATO, the US Army, the United Nations, and the International Civil Aviation Organization (ICAO) were also targeted.
Last month, ICAO publicly acknowledged the security breach after information leaked by Natohub on Breach Forums indicated the compromise of data from 42,000 recruitment application records dating back to April 2016. The cybercriminal forum also claimed to possess personal data belonging to 14,000 UN delegates.
The arrest of the suspect followed an intensive investigation into unauthorized access, data disclosure, system damage, and money laundering activities. The probe was initiated in February 2024 after a Madrid business association reported their data being published on a specialized data leak forum. Subsequent investigations revealed a series of cyberattacks occurring throughout the year, leading to the apprehension of the suspect in late December.
Authorities noted that the individual targeted international agencies and governmental organizations by gaining access to databases containing personal information of employees and clients, as well as internal documents that were either sold or published in online forums. The suspect utilized anonymous messaging apps and specialized navigation tools to create a complex technical network that posed a challenge for investigators to track.
During the arrest, the authorities confiscated computer equipment, an iPhone, and approximately 50 cryptocurrency accounts containing various types of cryptoassets from the suspect’s residence. Reports from Spanish news outlet Larazon suggest that the arrested individual is an 18-year-old who was released after appearing in court, subject to the confiscation of their passport.
The National Cryptological Centre (CCN) of the National Intelligence Centre (CNI), EUROPOL, and the US Homeland Security Investigations (HSI) collaborated in this operation to bring down the cybercriminal. This arrest is part of a broader effort by Spanish law enforcement to combat cybercrime, working closely with international agencies to dismantle cybercriminal operations stemming from Spain.
In conclusion, the arrest of Natohub has shed light on the severity of cybercrimes affecting both domestic and international entities, emphasizing the importance of collaborative efforts in combating cyber threats and securing sensitive information.