The General Council of the Judiciary (CGPJ) announced in a press release that during the second half of October Cyber attack on Spanish public administration networkNoting that those affected were judicial neutral points (PNJs) and the telecommunications network that connects judicial bodies to other state institutions.
Juan Manuel Pascual (CEO of Innovation Spain and Latin America) specifies that “according to experts, Cybercriminals have had to obtain credentials illegally Earlier There are various groups and forums in the network where this type of information is for sale”.
CGPJ explains in the statement that “from that moment on” Cyber security measures adopted In order to prevent and neutralize these types of computer attacks”, moreover, according to the investigation, PNJ was used to access other public institutions.
When the cyber attack was detected, the CGPJ reported the facts to the Cyber Security Operations Center of the State General Administration and its Public Bodies (COCS) and the National Cryptologic Center (CCN-CERT). In the meantime, CGPJ informs Spanish data protection agency of attack (AEPD) and to the Directorate of Supervision and Control of Data Protection of the Governing Body of Judges.
At the moment, there are no credible clues in the investigation into the origins of the cyberattack, and it is not known whether it is a for-profit or if it comes from proactiveness. that’s all I know The attack was aimed at a judicial neutral point To reach out to various state agencies.
Pascual indicates that “according to the investigation, loss hackers All Platforms Accessed (Application systems and networks for administration). This forum is used by the Judicial Neutral Point, which rests on the General Council of the Judiciary.”
On the other hand, Francisco (General Director of Secure & IT) points out that “when a system is developed, such as PNJ, it is necessary to test it, especially if, in this case, there is access to such critical data. These The test is not that they should be only technical, but also organizational, to establish privileges, etc. But, for this, the administration must have the resources. There is a great need for digitization and establishment of technological measures for the administration of justice.As could already be verified, at the time, in the case of LexNET”.
How did the cyber attack happen?
Valencia determines that “there are still” it’s too early to tellSince it is being investigated. But, it looks like the attack will involve Request information from neutral point, since, it is a kind of bridge between the administrations. This great connectivity makes it a very exposed system. In fact, the CGPJ has assured in its statement that the PNJ has been used by the attackers to access other public institutions.
“for now authorship unknown of attack. It is said that a group of cybercriminals have taken responsibility for this fact,” points out Pascual, while Valencia adds that “it could be anyone, From criminal organizations to hacktivists, But, it certainly looks like it is a targeted and malicious attack, given its implications.”
Pascual reports that “so far It is not confirmed what type of data was leakedBut the SARA platform contains data that allows you to confiscate bank accounts, check criminal records, check unpaid fines if someone has been convicted of gender violence and even Whether the last income statement has been filed or not.
Meanwhile, Valencia concluded that “at the moment, we do not know exactly what information was leaked, as this is being investigated. But, due to the nature of the service it seems, it could have been affected.” Data of citizens who are in bases from which the NPC requests information,
sign up for us News bulletin And get the latest technology news in your email.