The Spanish police have arrested two men suspected to be the hackers behind cyberattacks that hit the country’s radioactivity alert network (RAR) between March and June 2021.
The RAR system is a mesh of gamma radiation detection sensors, deployed across the country in order to detect anomalous radiation levels and take protective measures to prevent damage to the environment and the population. The sensors are connected by telephone to the control center at the DGPCE headquarters that gathers the measures and transmits the necessary orders to the sensors.
The suspects are former workers of a company in charge of the maintenance of the RAR system, for this reason, they had technical knowledge of the system.
The duo was identified after a year-long investigation, the police carried out searches at two homes and one company in Madrid and San Agustín de Guadalix. The agents found numerous computers and communications devices that were used in the attack.
The two suspects had access to the network of the General Directorate of Civil Protection and Emergencies (DGPGE) and were able to disconnect the sensors from the system reducing their detection capacity even in the environment of nuclear power plants.
The Cyberattack Group of the National Police, with the help of the DGPGE, determined that once the attackers gained access to the network attempted to delete the RAR management web application in the control center. The suspects targeted more than 300 sensors out of the 800 existing ones.
The cyber attacks terminated in June 2021,
In parallel, the duo launched individual attacks against sensors, taking down 300 out of 800 spread across Spain, essentially breaking their link to the control center and disrupting the data exchange.
The cyberattacks against RAR stopped in June 2021 after the security breach was discovered by the Spanish authorities.
“During the investigation it was determined that the two detainees had been responsible for the maintenance program of the RAR system, through a company contracted by the DGPCE, for which they had a deep knowledge of it that made it easier for them to carry out the attacks and helped them in their efforts to mask their authorship, significantly increasing the difficulty of the investigation.” reads the announcement published by Policia National.
The police did not provide additional details about the attack, at this time the motivation behind the attack is unknown.
(SecurityAffairs – hacking, Zyxel)