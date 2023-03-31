Spain dismantles hacker network that attacked companies in 16 countries

Eduardo Najar



March 30, 2023 – 11:14 PM

The Civil Guard has dismantled a criminal organization specialized in telematic scams and has arrested 25 people and investigated two others who, from different parts of Spain, attacked companies around the world, with victims in Germany, Australia, Brazil, Cyprus, Scotland, the United States, France, the Netherlands, Italy, Japan, Poland, Portugal, Romania, Switzerland, Turkey and Vietnam.

In the operation, 25 people have been arrested and another two investigated in the towns of Alicante, Hellín (Albacete), Lorca (Murcia), Guadalajara, Parla and Pinto (Madrid), Seseña (Toledo), Seville and Valencia, to which They are accused of the alleged crimes of technological fraud, money laundering, discovery and disclosure of secrets, falsification of documents, identity theft, seizure of assets, against the Public Treasury, punishable insolvency and constitution of a criminal organization.

This was announced this Thursday by the Civil Guard, which has indicated that in the operation nine searches have been carried out at homes and commercial offices in the towns of Alicante, Caravaca de la Cruz (Murcia), Fuenlabrada and Parla (Madrid), Seseña (Toledo) and Valencia.

In these searches, numerous computer and telecommunications devices, 54 credit cards and documentation have been seized. Likewise, 42,700 euros have been seized, including cash and money that has been blocked in the authors’ accounts in 137 bank accounts, and a total of 400 bank accounts used by the criminal group have been investigated.

The agents have been able to prove the fraud of more than two million euros to 23 companies located in 16 different countries, although it is estimated that the total defrauded amounts to five million euros and that the number of companies affected may be around 100 .

In this operation, called ‘Balrog’, the Civil Guard began to investigate when a series of scams were detected in which computer methods known as ‘Man in the middle’, ‘CEO Fraud’ and ‘Business Email Compromise’ were being used. ‘, three similar modalities in which fraudsters intercept communications via email that companies maintain with their customers to sneak in and thus manage to deceive both parties to divert payments to their accounts.

The bank accounts used by the organization were in the name of individuals and companies created expressly for this, or real companies in a bad economic situation and recruited for this purpose.

From a main matrix located in Lagos (Nigeria) it is from where they carried out the computer attacks directed at companies located anywhere in the world. Likewise, attacks carried out from the United States, the Netherlands, Ireland and the United Kingdom have also been detected.

The alleged criminal network hired money mules to open accounts or assign their own and thus receive and transfer the money from the fraud. Sometimes they used a VPN (Virtual Private Network), a virtual private network that offers an encrypted connection for the exchange of data between the computer from which it operates and the Internet, so that the IP remains hidden and makes it difficult to locate.

The methods used, such as Man in the middle, CEO fraud and Business Email Compromise, consist of a type of cyberattack in which criminals spy on communications between two or more devices. In this way, the criminal can read, add and modify messages between client and provider. When it detects messages associated with payments, it intervenes by pretending to be one or both parties, substituting bank information. In turn, it sends messages to the company justifying the delay in payment, which allows them to save time.

