Kelvin Security hacking group leader arrested in Spain

Spanish authorities have apprehended one of the purported ringleaders of the ‘Kelvin Security’ hacker syndicate, suspected of orchestrating about 300 cyber assaults on various entities across 90 nations since 2020.

The Spanish National Police’s Telegram channel reported the arrest of a prominent figure in the financial division of the group. The individuals involved in these activities are connected to the targeting of government institutions in Spain, Germany, Italy, Argentina, Chile, Japan, and the United States.

The machine-translated Telegram post states that the group’s primary targets are critical infrastructure and government institutions. They have carried out attacks on the City Councils of Getafe (Madrid), Camas (Seville), La Haba (Badajoz), and the Government of Castilla-La Mancha in Spain.

Kelvin Security is a cybercriminal organization that has been operational since 2013. They exploit weaknesses in publicly accessible networks to acquire legitimate user credentials and pilfer sensitive information from compromised systems.

The threat actors were active on hacking forums such as RaidForums and BreachForums, where they would either sell the pilfered data or distribute it free of charge to other threat actors.

Two prominent instances of Kelvin Security breaches include a cyber attack on Vodafone Italia in November 2022 and a breach of the U.S. consulting firm Frost & Sullivan in June 2020.

On both occasions, Kelvin Security made efforts to sell the data they had acquired from the targeted companies on online platforms frequented by hackers.