National police arrest suspect linked to Kelvin Security hacking group
A suspect believed to be part of the Kelvin Security cybercrime network was detained by national police authorities. The group has conducted numerous intrusions into institutions and companies across multiple countries, including Spain. The individual is accused of membership in a criminal organization, disclosure of confidential information, computer damage, and money laundering.
The investigation began in early December 2021 after agents detected a pattern of highly coordinated cyber intrusions. Police reports describe sophisticated attacks targeting the information systems of municipal bodies and government offices, including Getafe’s City Council and Camas in Seville. Later developments in the case indicated additional targets, such as the La Haba City Council in Badajoz and regional government offices in Castilla-La Mancha.
Through painstaking digital forensics, investigators traced the attacks to Kelvin Security's forum activity on the dark web. The group reportedly posted details of breaches and exposed sensitive data, tended to share information with actors affiliated with foreign nations, and operated through covert cybercrime channels.
Officials described how the group exploited weaknesses in websites, software platforms, and data storage services used by strategic institutions and organizations worldwide. The breaches allowed the extraction of vast quantities of sensitive information from internal records, customers, employees, and users.
More than 90 countries
Kelvin Security, with initial network activity dating back to 2013, allegedly monetized unlawfully obtained data by selling it through illicit channels. The group is said to have targeted more than 300 organizations across over 90 countries in the preceding three years. Beyond Spain, the affected countries reportedly included the United States, Germany, Italy, Argentina, Chile, and Japan.
The latest reported breach occurred at the headquarters of a major energy company in mid-November 2023. Investigators say a database containing confidential information for more than 85,000 customers was compromised, underscoring the scale of the intrusion and potential impact on individuals and clients.
Cyber threat specialists who led the inquiry identified the detained individual as a principal actor in money laundering linked to the group’s illicit activities. Authorities say the person operates mainly through cryptocurrency exchanges and other digital finance tools to move funds.
During the arrest, authorities examined residence records and confiscated multiple items while cyber investigators continued to verify technical details. The detainee was brought before the Alicante Instruction Court to face formal processing and potential detention.
The operation was directed by the General Commissioner for Information and carried out in coordination with the Alicante Provincial Information Brigade and the Alicante Prosecutor’s Office. The proceedings fall under the jurisdiction of Alicante Instruction Court Five, reflecting a multi-agency effort to dismantle this criminal network.