Kelvin Security cybercrime gang suspect seized by Spanish police
A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week.
Spain’s National Police arrested a Venezuelan man in Alicante on Thursday, in the belief that he is connected to the Kelvin Security gang.
In an announcement posted on Telegram, Spanish police described Kelvin Security as one of the world’s most important malicious hacking groups, having carried out over 300 attacks in more than 90 countries in the last three years.
Victims of the cybercrime gang have included city councils in Madrid, Seville, Badajoz, and the local government of Castilla-La Mancha, with attacks typically seeing malicious hackers exploit vulnerabilities to access login credentials and steal confidential information that they later sell through dark web criminal forums.
Kelvin Security has sometimes attempted to present itself as a penetration testing service, claiming – somewhat unconvincingly – that its intention is to warn hacked companies about security problems on their networks, but then later offering stolen data for sale after breached firms ignore their advances.
It should go without saying that a desire to expose security weaknesses is no excuse for selling exfiltrated sensitive data on the dark web that cybercriminals and fraudsters can exploit.
The Italian branch of Vodafone is one alleged past victim of the Kelvin Security gang; in September last year, the gang offered to sell 310 GB of data they claimed they had stolen from the telecoms group.
It is understood that an unnamed multinational energy company also fell victim to the cybercrime gang in the middle of last month, having had a database exfiltrated from its servers containing details of over 85,000 clients.
The man arrested in Spain last week – who has not been named – was described by police as a central part of Kelvin Security’s money-making operation, responsible for laundering funds through cryptocurrency exchanges.
A video released by Spanish police shows footage of officers raiding the suspect’s home for evidence before taking the suspect into custody.
The arrested individual faces charges related to his membership of a criminal group, organisation, money laundering, and computer misuse.
More details of the investigation have been shared in a police press release, where they describe how last week’s arrest was the latest step in an investigation that began in December 2021.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.