December 11, 2023 at 09:34AM
Spanish police have arrested a leader of the ‘Kelvin Security’ hacking group responsible for 300 cyberattacks in 90 countries since 2020. The group targeted government institutions and critical infrastructure, with notable breaches including Vodafone Italia and U.S. firm Frost & Sullivan. The arrest aims to uncover co-conspirators and data buyers.
From the meeting notes, it’s evident that the Spanish police have successfully arrested one of the alleged leaders of the ‘Kelvin Security’ hacking group. This group has been implicated in approximately 300 cyberattacks against organizations in 90 countries since 2020. The threat actors targeted critical infrastructure and government institutions, carrying out attacks in Spain, Germany, Italy, Argentina, Chile, Japan, and the United States.
Kelvin Security is known for leveraging vulnerabilities in public-facing systems to obtain valid user credentials and pilfer confidential data from breached systems. The stolen data was monetized through forums such as RaidForums and BreachForums, where it was sold or leaked to other threat actors. Notable breaches by Kelvin Security include an attack on Vodafone Italia in November 2022 and a breach on U.S. consulting firm Frost & Sullivan in June 2020.
Furthermore, there is a recent link between Kelvin Security and ARES, a cybercrime platform dedicated to selling stolen databases from state organizations. As part of the law enforcement operation, the police arrested the Venezuelan leader of Kelvin Security in Alicante on December 7, 2023. This individual was involved in laundering criminal proceeds obtained from the sale of stolen data, using cryptocurrency exchanges to obfuscate the transaction trail.
The investigation into Kelvin Security commenced in December 2021 and culminated in the arrest. The police seized electronic items from the suspect’s residence for forensic examination, aiming to identify co-conspirators, data buyers, affiliates, and others involved in the criminal activities. A video of the raid on the threat actor’s home and subsequent arrest has also been shared by law enforcement.
Overall, these meeting notes provide crucial insights into the successful arrest of a leader of the Kelvin Security hacking group, shedding light on the group’s activities and the ongoing efforts to identify and dismantle the cybercriminal network.