InfoSecBulletin Cybersecurity for mankind
What just happened? Police in Spain have arrested a teenager named José Luis Huertas who they claim stole confidential data on more than half a million taxpayers from the national revenue service. The 19-year-old, who is known by multiple aliases including ‘Alcaseca,’ Mango,’ and ‘chimichurri,’ is also believed to be behind multiple other high-profile cyberattacks.
Policia Nacional said Huertas is one of the most dangerous hackers in the country, and is responsible for creating a search engine called ‘Udyat’ (‘The Eye of the Horus’) to facilitate the selling of stolen data. In an online interview, he also claimed to have access to the personal data of more than 90 percent of the Spanish population.
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
CTF in Bangladesh: Unveiling Challenges, Opportunities and remedies
Bitdefender blog post
Medusa target Fortinet flaw (CVE-2023-48788) for Ransomware Attacks
Ivanti alerts ongoing exploitation of recently patched CAV
CISA unveils 25 new advisories for Industrial Control Systems
Intel Issues Alert on 20+ Vulnerabilities, Urges Firmware Updates
Urgent: GitLab Patches flaws allowing unapproved pipeline Job Execution
Fortinet admits data breach after hacker claims to steal 440GB
Gov.t issues high alert on android devices
The leaked data reportedly includes account numbers, bank balances, and other private and confidential information of Spanish citizens. Authorities believe Huertas would have used the stolen data to create an online database and sold it to third parties for a profit. According to investigators, much of his illegal activity was monetized through cryptocurrencies.
Huertas is described as a ‘serious’ national security threat by the Spanish police due to the magnitude of his cyberattacks and the sensitivity of the data he stole. He is said to be an expert in crypto assets and hiding the money trail with complex digital maneuvers meant to throw investigators off his scent.
According to Bleeping Computer, Huertas is also accused of stealing €300,000 from Paolo Vasile, the CEO of Gestevisión Telecinco/Mediaset España. Other charges against him include attacking high-state institutions and money laundering.
His arrest was the result of an investigation that started in November 2022 after he allegedly hacked into the computer network of the General Council of the Judiciary and accessed sensitive data controlled by several public institutions, including the State Tax Administration Agency.
Huertas is said to have lived a life of luxury that the police say is not commensurate with his age, especially for someone without a steady source of income. He allegedly made expensive trips, wore luxury labels, frequented fashionable entertainment venues, and even drove a ‘high-speed vehicle.’
Following his arrest, police conducted a search of his home and other properties, seizing a large amount of cash, critical documents, and “computer media.” In addition, a motorcycle and a high-end car were also recovered.
The judge presiding over the case has ordered that Huertas remain in custody until his trial, as he is considered a high-risk suspect who could escape, destroy evidence, or continue to commit other similar crimes if let out on bail.
