Spanish Authorities Arrest Alleged Hacker Behind Cyberattacks on 40+ Organizations

Spanish law enforcement officials have apprehended an individual suspected of carrying out cyberattacks against more than 40 organizations worldwide. The unnamed suspect, described as a "dangerous hacker," was arrested in the town of Calpe, located in Alicante province. Authorities believe he was responsible for numerous cyber intrusions and data leaks affecting both international and domestic entities.

During the operation, investigators searched the suspect's residence, seized electronic devices, and uncovered over 50 cryptocurrency accounts. These findings suggest the individual was involved in financially motivated cybercrime activities, likely profiting from the sale of stolen data.

Who is the Suspect?

While the identity of the arrested hacker has not been disclosed, Spanish news outlets report that he is an 18-year-old male. Authorities suspect he played a significant role in targeting high-profile institutions, including:

• International Organizations: NATO, the United Nations (UN), the U.S. Army, and the International Civil Aviation Organization (ICAO).

• Spanish Institutions: The Spanish Mint, universities, government agencies, and law enforcement bodies.

The widespread nature of these attacks underscores the suspect’s ability to infiltrate well-protected systems, possibly leveraging advanced hacking techniques or exploiting vulnerabilities in critical infrastructure.

Links to BreachForums and the 'Natohub' Alias

Many of the cyberattacks attributed to the suspect had been publicly claimed on the BreachForums cybercrime forum by a user known as Natohub. Authorities, however, stated that the suspect had operated under at least three different online aliases, indicating a deliberate effort to mask his digital footprint.

Between June 2024 and January 2025, Natohub was responsible for at least 18 posts announcing successful data breaches on BreachForums. The stolen data was either:

• Sold to interested buyers.

• Leaked for free, likely to increase notoriety within the hacking community.

Among the compromised data sets, personal information and sensitive documents from various organizations were exposed. The ICAO confirmed that tens of thousands of recruitment applications were stolen from one of its databases, raising concerns over identity theft and national security risks.

Impact of the Arrest

Following the hacker’s arrest, BreachForums permanently banned the Natohub account, cutting off access to further activity on the platform. This move indicates that even in underground cybercrime circles, significant law enforcement actions lead to immediate disruptions.

Authorities are now working to assess the full extent of the damage caused by these breaches. The investigation will likely focus on:

1. Identifying additional accomplices who may have been working with or purchasing stolen data from the suspect.

2. Determining the exact attack methods used to infiltrate government and corporate networks.

3. Tracking stolen data to prevent further misuse.

Conclusion

This case highlights the increasing global threat posed by young cybercriminals who, despite their age, can launch sophisticated attacks on major institutions. The arrest serves as a reminder of the importance of cybersecurity and the ongoing battle between law enforcement agencies and threat actors operating in dark web forums.

While the investigation continues, cybersecurity experts emphasize the need for robust security measures, continuous monitoring, and stricter regulations to prevent future cyberattacks on critical infrastructure.