The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020.
News of the arrest of a leader of the financial component of the group was posted to the Spanish National Police's Telegram channel Sunday morning, stating that the threat actors are linked to attacks on government institutions across Spain, Germany, Italy, Argentina, Chile, Japan, and the United States.
Kelvin Security is a hacking group believed to have been active since 2013, leveraging vulnerabilities in public-facing systems to obtain valid user credentials and steal confidential data from breached systems.
The threat actors were active on hacking forums, such as RaidForums and BreachForums, where they would sell the stolen data or leak it for free to other threat actors.
Two notable examples of Kelvin Security breaches are an attack on Vodafone Italia in November 2022 and a breach on U.S. consulting firm Frost & Sullivan in June 2020.
In both cases, Kelvin Security attempted to sell the data they had obtained from the victimized companies on hacker forums.
More recently, in April 2023, cybersecurity firm Cyfirma reported discovering links between Kelvin Security and ARES, a newly-emerged cybercrime platform dedicated to selling databases stolen from state organizations.
The Spanish police said the law enforcement operation involved multiple police units and was coordinated by the Alicante Prosecutor's Office.
According to the document, the police arrested one of Kelvin Security's leaders, a Venezuelan national, in Alicante on December 7, 2023.
The threat actor was primarily involved in laundering the criminal proceeds obtained through sales of stolen data, using cryptocurrency exchanges to make it harder to trace the money.
The police say the investigation on the group started in December 2021, which shows how complicated it is to track and identify cybercriminals.
The police confiscated several electronic items for forensic investigation in the hope that they would lead to the identification of co-conspirators, data buyers, affiliates, and others.
Law enforcement shared a video showing the raid on the threat actor's home and their arrest.
Spain arrests 34 cybercriminals who stole data of 4 million people.
Police takes down BulletProftLink large-scale phishing provider.
Pirate IPTV network in Austria dismantled and $1.74 million seized.
HTC Global Services confirms cyberattack after data leaked online.
Tipalti investigates claims of data stolen in ransomware attack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 11 Dec 2023 14:30:08 +0000