According to an exclusive report from El Confidencial, the National Institute for Agricultural and Food Research and Technology (INIA), which is part of the CSIC, has been paralyzed for over two weeks after suffering a cyberattack on November 12. The incident has left its 650 employees without internet access or internal systems, halting key research projects and putting millions of euros in international funding at risk.
The cyberattack, attributed to ransomware that may have been introduced via an infected USB drive, affects hundreds of research projects. One of the most prominent is the development of more resilient cereals, funded with 4.5 million euros by the Bill & Melinda Gates Foundation, which involves centers from Europe, the United States, and Argentina. According to sources consulted by El Confidencial, both the delays and the potential theft of data could jeopardize the viability of these research initiatives.
INIA employees have been instructed to work from home, but the restrictions on access to systems and documents on the network have drastically slowed their activity. According to statements collected by El Confidencial, the situation is critical: "We have no internet, we cannot print or access our files. This would be a bankruptcy if we were a private company." Additionally, no clear explanations or estimated timelines have been provided to resolve the issue.
The incident highlights the shortcomings in cybersecurity at the CSIC, which suffered a similar attack in 2022 when the Vice Society group disabled its systems for two months and stole 41 GB of sensitive data. Although improvements such as centralized backups and certification of centers under the National Security Scheme were promised at that time, only six out of the 149 CSIC centers have achieved that certification, according to El Confidencial.
The European Commission had already warned in May about the increasing number of cyberattacks on research centers aimed at stealing information and patents. In this context, the digital security of entities like INIA is crucial not only for protecting national research but also for maintaining international partners’ trust in Spanish science.
With an annual budget of 80 million euros and critical projects underway, INIA represents a pillar of agricultural and food research in Spain. This cyberattack underscores the urgent need to bolster cybersecurity in the country’s scientific institutions to prevent future incidents that could threaten their operations and international reputation.
More references: Hackeo INIA CSIC