Spanish Research Center Claims Russian Hackers Infected Its Systems with Ransomware

The Spanish National Research Council (CSIC) has issued a public statement alleging that Russian hackers breached its systems to deploy ransomware. According to the institute, it might be the same hacking group behind similar attacks on the Max Planck Institute and NASA.

CSIC is Spain’s largest public research institution and one of the most renowned in the European Research Area. It is affiliated to the Ministry of Science and Innovation through the Secretary General for Research.

The institute promotes initiatives aimed popularizing science, education and citizen science as part of its mission to “foster scientific culture and to make science more accessible for everybody,” according to its website.

CSIC claims it has “multiple security mechanisms that prevent more than 260,000 registered attacks daily.” But that didn’t stop hackers from breaching its systems last month, according to a notice issued this week.

A Google-translated version of the announcement states that, “The Consejo Superior de Investigaciones Científicas (CSIC), an organism dependent on the Ministerio de Ciencia e Innovación, received a ransomware-type cyberattack on July 16 and 17.”

The attack was detected a day later, on July 18, prompting the science center to summon the Cyber ​​Security Operations Center (COCS) and the National Cryptological Center (CCN) for help.

“In the absence of the final report from the investigation, the experts indicate that the origin of the cyberattack comes from Russia and indicate that, until now, no loss or theft of sensitive or confidential information has been detected,” the institute said. “This attack is similar to that suffered by other research centers such as the Max Planck Institute and the National Aeronautical and Space Administration of the United States (NASA).”

Indeed, the Max Planck Institute for Plasma Physics fell victim to a cyberattack via Emotet malware on June 12. The malware was distributed via a spam email campaign, with the attackers accessing email content from the mailboxes of infected systems.

Only a quarter of the smaller science centers commanded by the CSIC are currently operating normally. In other words, three quarters of its scientific research facilities are still affected by the hack. The CSIC says it will take days to fully restore all systems.

One of the more notable works done by the CSIC in recent times is the Temperature and Winds for InSight (TWINS) module, a component of NASA's InSight Mars lander, which made contact with the red planet on November 26, 2018. TWINS is designed to monitor weather on Mars.