Spain Arrests Alleged Kelvin Security Money Laundering Head

Venezuelan National Detained on Mediterranean Coast on Sunday
Police in Alicante, Spain, detained an alleged money launderer for Kelvin Security. (Image: Spanish National Police)

Spanish national police on Sunday arrested an alleged key money laundering figure in the profit-seeking Kelvin Security hacking operation who reportedly entered the country as a tourist.

Authorities opened an investigation into the group in December 2021 after hackers penetrated systems belonging to the cities of Madrid, Sevilla and Badajoz as well as the regional government of Castilla-La Mancha.

The Ministry of the Interior said security experts attributed the attacks to Kelvin Security - at least partially - after seeing posts on criminal forums selling stolen data. The Spanish government calculated that Kelvin Security, which launched in 2013, has sold data taken from more than 300 organizations in 90 countries over the past three years. Threat intel firm Cyfirma said the group is likely based in Russia and has "a significant presence on deep and dark web forums."

The detained man - authorities are not revealing his name - is the head of Kelvin Security's money laundering operation, the ministry said, and he operates mainly in cryptocurrency. Video released by the ministry shows police searching for devices in what appears to be a residence and escorting a handcuffed man wearing a black hoodie to a waiting car.

Local media reported that the suspect had entered Spain on Nov. 18 with his wife and sister, traveling to the Mediterranean coastal city of Alicante. They didn't take a return flight to Venezuela scheduled for Nov. 29, and one reporter stated that the man is on a Caracas blacklist and had been hoping to leave the South American country.

Kelvin Security has claimed responsibility for a number of high-profile data breaches including that of Vodafone Italy, Dish México, a Chilean bank, New York consultancy Frost & Sullivan and carmaker BMW. Its strategy is to attack critical infrastructure and government agencies across the globe and exfiltrate logon credentials and sensitive internal information, the ministry said.

The threat actor's most recent attack was against the headquarters of an unnamed multinational energy firm, and it stole a confidential client list containing more than 85,000 names.

About the Author

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.
