Spanish authorities have apprehended a suspected hacker in Alicante responsible for orchestrating 40 significant cyberattacks against critical institutions worldwide. The suspect, who targeted high-profile organizations including NATO, the US Army, and various Spanish government agencies, was released under court supervision with his passport confiscated.

The investigation began in early 2024 following a data breach at a Madrid business association. The hacker, operating under three different aliases, targeted numerous organizations including:

• NATO and US Army databases
• Spanish Ministry of Defense
• Guardia Civil
• The National Mint and Stamp Factory
• Multiple Spanish universities
• The United Nations
• International Civil Aviation Organization (ICAO)
• Various other government institutions

The suspect allegedly accessed sensitive databases containing personal information and internal documents, which were subsequently sold or leaked on dark web forums, particularly BreachForums. Using the alias ‘natohub,’ the hacker successfully sold data from several high-profile breaches, including those affecting NATO and military organizations.

Despite employing anonymization techniques, the suspect was tracked down through collaborative efforts between the National Cryptologic Center (CCN), Europol, and US Homeland Security Investigations (HSI). During the arrest, authorities seized multiple computers, electronic devices, and 50 cryptocurrency accounts.

The suspect faces potential charges including illegal system access, computer damages, and money laundering, with maximum penalties of up to 20 years imprisonment under Spanish law. The investigation remains ongoing, with authorities not ruling out additional offenses or accomplices.