Spain arrests two suspected hackers for targeting radiation alert network

2 Aug 2022

Image: © filin174/

Spanish authorities claim a hack impacted 300 radiation alert systems last year, while a natural gas pipeline operator in Luxembourg was recently the victim of a ransomware attack.

Spanish police have arrested two people believed to be responsible for a cyberattack targeting the country’s radioactivity alert network (RAR) last year.

This network is a mesh of gamma radiation detection sensors, deployed in certain parts of Spain to monitor for excessive radiation levels. This is to ensure protective measures are taken to prevent damage to people and the environment.

Spanish police said the two suspects are former workers of a company contracted to maintain the RAR system, which gave them knowledge of the operation and how to launch an effective cyberattack.

Authorities added that the suspects were able to mask their involvement, which significantly increased the difficulty of the investigation.

According to a police statement, the hackers attacked 300 of 800 RAR systems between March and June last year, causing connection failures to these sensors and reducing their detection capacity “even in the environment of nuclear power plants”.

Authorities discovered the breach in June 2021 and began an investigation to determine the cause of the incident. The motive is currently unknown.

CRO of cybersecurity firm Claroty, Simon Chassar, said that while it’s good that Spanish authorities took the attack “extremely seriously”, it provides a stark reminder to secure cyber-physical devices within critical infrastructure industries.

“Cyber-physical devices such as internet of things (IoT) devices and industrial IoT (IIoT) are not always designed with security in mind, meaning they can have a number of vulnerabilities for threat actors to exploit,” Chassar said.

“Unfortunately, the systems that run the world are a prime target for hackers looking to cause disruption, so it’s vital that critical infrastructure organisations prioritise security across their entire environment.”

Luxembourg cyberattack

The threat to critical infrastructure was also made clear recently with an attack against Creos, a natural gas and electricity network operator in Luxembourg.

The company suffered a ransomware attack between 22 and 23 July, during which various entities of its parent company Encevo were targeted.

Encevo said a “certain amount of data” was exfiltrated from computer systems or made inaccessible by the hackers, but that there was no disruption to energy supplies.

Ransomware gang BlackCat has claimed responsibility for the attack. Researchers believe this gang includes members of the group responsible for the Colonial Pipeline cyberattack that occurred last year, TechMonitor reported.

EMEA director of technology at Illumio, Trevor Dearing, said the latest incident has “echoes of the unprecedented Colonial Pipeline attack” and is another demonstration of cybercriminals targeting critical infrastructure.

Dearing added that criminals are aiming to attack the commercial side of organisations, which has the potential of leaking across the production network and increases the chances of ransom demands being met.

“What’s more, in this case BlackCat posted details of the attack on their extortion platform, further piling the pressure on their victims to pay the ransom to have this retracted,” Dearing said.

“An increasingly lucrative industry, cyberattacks will be a recurring nightmare so long as organisations continue to rely and invest entirely on detection as though they can stop all breaches from happening.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic