Spain: Number of cyberattacks against critical infrastructure rose by 43% in 2024 and are 'typically state-sponsored,' report finds
-
Cipher, the cybersecurity division of Prosegur Group, has reported a 43% increase in cyberattacks against essential service operators in Spain during 2024. Its cyber intelligence division, Unit x63, highlights the focus on the energy sector, as critical infrastructure, which accounted for 9% of the total. This upward trend, continuing into 2025, points to a growing number of threats from espionage, sabotage and the exfiltration of sensitive data, reflecting the increasing sophistication and persistence of cyber attackers.
In early 2025, Cipher’s Unit x63 confirmed that several Spanish energy companies were targeted by ransomware campaigns, hit by data leaks and the subsequent sale of information on underground forums. Globally, geopolitical tensions have intensified attacks on sensitive infrastructure.
[...]
Threat landscape: key types of cyberattack targeting the energy sector.
Cyberespionage in the energy sector aims to covertly obtain critical information such as facility blueprints, proprietary technologies and strategic contracts. These attacks are typically state-sponsored or executed by Advanced Persistent Threat (APT) groups looking to gain geopolitical or economic advantage—or laying the groundwork for future sabotage [...]
Cyber sabotage in the energy sector seeks to disrupt or damage critical operations by targeting industrial systems such as SCADA, ICS, or PLCs. Unlike espionage, these attacks aim for destruction and demand high levels of sophistication, often linked to nation state [...]
Destructive malware has become a frequent weapon in geopolitical conflicts, severely impacting the energy sector, and is designed to erase data, disable systems, or sabotage operations. They can temporarily shut down businesses and cripple key infrastructure [...]
Hacktivist activity in the energy sector is on the rise in 2025, driven by political, social, and ideological motives [...] Pro-Russian collectives like NoName057(16) have launched DDoS campaigns against Western critical infrastructure. In 2024, a new group named “Mr. Hamza” emerged with strong anti-globalist rhetoric [...]
In 2025, disinformation campaigns aimed at the energy sector have intensified, seeking to erode public confidence in both governments and companies. Russian-led operations in Eastern Europe have targeted efforts to diversify away from Russian gas [...]
Cipher’s Unit x63 has identified a growing number of threats to the energy sector from state or para-state actors focused on espionage, sabotage, and strategic control. Russia remains the leading aggressor, with veteran groups such as Sandworm and APT28 expanding their activities across Europe.
[...]
China, Iran and North Korea have also stepped up operations. China's Volt Typhoon, active since 2023, and Iranian groups APT34 and CyberAvengers are behind global campaigns against critical infrastructure. North Korean units such as Lazarus and Kimsuky focus on energy and nuclear information. Additionally, the presence of cyber mercenaries developing tailored malware for state clients further complicates attribution and heightens supply chain risks.
[...]
-
Cipher, the cybersecurity division of Prosegur Group, has reported a 43% increase in cyberattacks against essential service operators in Spain during 2024. Its cyber intelligence division, Unit x63, highlights the focus on the energy sector, as critical infrastructure, which accounted for 9% of the total. This upward trend, continuing into 2025, points to a growing number of threats from espionage, sabotage and the exfiltration of sensitive data, reflecting the increasing sophistication and persistence of cyber attackers.
In early 2025, Cipher’s Unit x63 confirmed that several Spanish energy companies were targeted by ransomware campaigns, hit by data leaks and the subsequent sale of information on underground forums. Globally, geopolitical tensions have intensified attacks on sensitive infrastructure.
[...]
Threat landscape: key types of cyberattack targeting the energy sector.
Cyberespionage in the energy sector aims to covertly obtain critical information such as facility blueprints, proprietary technologies and strategic contracts. These attacks are typically state-sponsored or executed by Advanced Persistent Threat (APT) groups looking to gain geopolitical or economic advantage—or laying the groundwork for future sabotage [...]
Cyber sabotage in the energy sector seeks to disrupt or damage critical operations by targeting industrial systems such as SCADA, ICS, or PLCs. Unlike espionage, these attacks aim for destruction and demand high levels of sophistication, often linked to nation state [...]
Destructive malware has become a frequent weapon in geopolitical conflicts, severely impacting the energy sector, and is designed to erase data, disable systems, or sabotage operations. They can temporarily shut down businesses and cripple key infrastructure [...]
Hacktivist activity in the energy sector is on the rise in 2025, driven by political, social, and ideological motives [...] Pro-Russian collectives like NoName057(16) have launched DDoS campaigns against Western critical infrastructure. In 2024, a new group named “Mr. Hamza” emerged with strong anti-globalist rhetoric [...]
In 2025, disinformation campaigns aimed at the energy sector have intensified, seeking to erode public confidence in both governments and companies. Russian-led operations in Eastern Europe have targeted efforts to diversify away from Russian gas [...]
Cipher’s Unit x63 has identified a growing number of threats to the energy sector from state or para-state actors focused on espionage, sabotage, and strategic control. Russia remains the leading aggressor, with veteran groups such as Sandworm and APT28 expanding their activities across Europe.
[...]
China, Iran and North Korea have also stepped up operations. China's Volt Typhoon, active since 2023, and Iranian groups APT34 and CyberAvengers are behind global campaigns against critical infrastructure. North Korean units such as Lazarus and Kimsuky focus on energy and nuclear information. Additionally, the presence of cyber mercenaries developing tailored malware for state clients further complicates attribution and heightens supply chain risks.
[...]
wrote on last edited by [email protected]So nazi germany had blitzkrieg while russia, north korea and china have cyber attacks