Hushed-up cyberattack on Spain’s CSIC network revealed to be of Russian origin

It has been revealed that a cyberattack that hit Spain’s CSIC network two weeks ago originated from Russia.

As reported by the Ministry of Science and Innovation, on Tuesday, August 2, Spain’s CSIC (Higher Council for Scientific Research) was the target of a cyberattack of Russian origin, on July 16 and 17, and is still affected, according to larazon.es.

The body and its affiliated centres had to disconnect from the internet as a result, in an attempt to prevent the attack from spreading to those CSIC centres not yet affected. Since the attack, only a quarter of the centres have recovered their internet connection, although the Government has said it hopes that the problem will be solved in the coming days.

This incident had initially been hushed up by the government, but after the publication of a letter in the ABC newspaper yesterday, Monday, August 1, word quickly started to spread. The letter had been sent in by Pablo Chacon, a CSIC investigator.

Chacon spoke of a “minor and localised computer attack” that led the Spanish cybersecurity authorities to “disconnect the entire Higher Council for Scientific Research from the Internet ‘sine die'”. It is an ongoing situation assured Chacon, which he described as “shameful, the main investigative agency is inoperative and nobody cares”.

Workers and researchers from the CSIC had been denouncing the situation on social media for some days. Antonio Turiel, a scientific researcher at the CSIC’s Institute of Marine Sciences, pointed out the situation yesterday, claiming that “services are being shielded to avoid repetitions”.

Meanwhile, German Tortosa, a research technician at the Zaidin Experimental Station, a centre belonging to the CSIC, assured this Sunday, August 1, that: “The attack was contained by disconnecting us all at the same time, and now they are checking all the CSIC equipment one by one”.

The attack was detected on July 18 when “the protocol marked by the Cybersecurity Operations Centre (COCS), and the National Cryptologic Centre (CCN), was immediately activated”.

As a consequence, the CSIC and associated centres were disconnected from the internet, a situation that still persists in most of them. “This attack is similar to that suffered by other research facilities such as the Max Planck Institute, or the United States National Aeronautics and Space Administration (NASA)”, the ministry said.

No specific details about the attack have been released by the government, although it has indicated that it is of the ransomware type. That is a type of cyber attack in which the affected computers are encrypted without their users being able to open them, usually until the victim pays a ransom.

In order to decrypt them and regain control, the ministry assures that “no loss or kidnapping of sensitive and confidential information has been detected”.