Spain’s National Police dismantled a highly sophisticated cybercriminal network responsible for a series of sustained cyberattacks targeting critical infrastructure and public institutions. In a coordinated international operation dubbed “Borraska,” four individuals were arrested on Tuesday — two in Madrid, one in Córdoba, and one in Andorra. The suspects are accused of forming part of an advanced criminal organization engaged in cyberattacks, data exploitation, and money laundering.
The group operated under a compartmentalized and hierarchical structure, with each member holding a critical, specialized role. Authorities described the network as a “private intelligence service” that masked its illicit activities behind a façade of tech consultancy.
According to investigators, the group developed and maintained a robust technological infrastructure designed to avoid detection. This included cloud-distributed servers, end-to-end encryption, identity obfuscation techniques, and cryptocurrency-based financial operations. These methods enabled the group to operate in the shadows, targeting public bodies, energy companies, transport systems, telecom networks, and educational platforms across several countries.
The organization created a custom-built platform capable of storing, indexing, and monetizing massive volumes of personal and institutional data. This allowed it to develop detailed individual and organizational profiles, cross-reference information in real-time, and offer personalized intelligence services to third parties via encrypted communication channels on social networks.
Authorities revealed that the group functioned as a private intelligence network with clearly defined divisions: technological development, financial management via crypto assets, legal advisory, and international operations. One member was reportedly responsible for expanding the group’s reach abroad through established professional relationships.
The network laundered its operations through fake consulting services and shell companies, integrating into business and institutional environments with minimal suspicion.
The police officers have been able to recover critical cloud-based infrastructure and sensitive data that had been illegally obtained and processed, including the primary servers.
Among the recovered data were personal records tied to millions of citizens, including school records, civil registries, pet databases, public transit passes, phone logs, and utility billing information. Authorities believe that many of the affected institutions may have been unaware of the breaches or of the covert use of their data.
