The Ministry of Interior has taken a decisive step to safeguard its IT systems against the rising wave of cyberattacks impacting Spain. Through the General Subdirectorate of Information and Communications Systems for Security (SGSICS), the department led by Fernando Grande-Marlaska has formalized the procurement of the American intelligence service Recorded Future, one of the most advanced threat analysis platforms globally, at a cost close to €800,000.
The initiative follows a six-month trial period launched in November 2024, whose effectiveness convinced Interior of the need to keep this system active for at least a full year starting in July 2025. According to the tender revised by THE OBJECTIVE, the contract will enable security agencies to monitor vulnerabilities and threats on the ministerial web applications in real time, which contain sensitive data of millions of citizens.
### The Shadow of Pro-Russian Cybercrime
This decision doesn’t come in a vacuum. Since the start of the war in Ukraine, various pro-Russian hacking groups have increased their operations across Europe. In Spain, Melilla recently experienced an unprecedented computer breakdown following a cyberattack attributed to the Russian group Quilin, which left public services—including the Local Police—inoperative. More recently, Villajoyosa’s City Council in Alicante was struck by a ransomware attack that halted all its systems.
In their justification memo, Interior warns of the “unceasing growth of cyberattacks in the public sector, the proliferation of vulnerabilities unknown to manufacturers, and systematic exploitation by organized groups.” One of the most frequently mentioned groups is NoName057(16), also known as NoName097, a pro-Russian hacktivist collective specializing in DDoS attacks against government entities in allied countries like Ukraine.
Reports from the National Cryptological Center (CCN) warn that groups such as NoName057, KillNet, and others operate in coordination via Telegram channels to target critical infrastructure in Spain, Germany, the UK, France, Poland, the US, and other countries. Some of these groups even claim their attacks publicly after executing them, making proactive prevention challenging.
### Recorded Future: Intelligence to Anticipate the Adversary
In this context, Recorded Future provides a vital component: strategic and technical intelligence to anticipate the operational tactics of cybercriminal groups. Developed in the United States, the platform is considered one of the largest repositories of threat data worldwide, combining big data, artificial intelligence, and human analysis to provide a comprehensive view of each threat’s lifecycle.
Its database includes over a decade of historical information accessible in real time, enabling searches from group names and attack vectors to malware images, technical references, domains, or IP addresses linked to threats. For Interior, this level of visibility is essential to react before attacks materialize.
### Spain Among the Most Attacked Countries Globally
According to the latest report from cybersecurity firm ESET, Spain ranks among the top ten most attacked countries in the world, and the leading one in Europe. This vulnerability is compounded by generally low awareness of cybercrime risks, both in public and private sectors. The consequences can range from the total paralysis of critical systems to multimillion-dollar losses.
The Ministry of Interior itself acknowledges that the threat is amplified by the global geopolitical landscape marked by the Russia-Ukraine war and the conflict in Gaza. In this scenario, having tools like Recorded Future is considered a strategic priority to protect Spain’s digital sovereignty.
### An Increasing Trend in Europe
Spain is not the only country turning to American-origin cyber intelligence solutions. Other EU member states have begun integrating similar services in response to the escalation of hybrid operations and coordinated disinformation campaigns from foreign powers. These acquisitions are part of a broader movement to strengthen national cybersecurity, increasingly interconnected with international collaboration frameworks such as NATO or the European Agency for Cybersecurity (ENISA).
via: https://blog.elhacker.net/2025/07/interior-eeuu-ciberataques-rusos-espana.html