Cyber Threat Actor: Los Pelaos
| Actor Type | Location | Known Incidents |
Activist
|
Spain
|
1 incident |
|---|
Profile
LOSPELAOSBRO, also known as Los Pelaos, is a threat actor that has been linked to a series of YouTube channel takeovers targeting high‑profile music artists. The group operates under the alias @LOSPELAOSBRO on Twitter, where its biography describes it as the official account of the criminal group Los Pelaos. Publicly available information indicates that the actor is based in Spain. In April 2022 the actor first claimed responsibility for compromising the YouTube channel of Travis Scott, a claim made in the group’s inaugural tweet. The actors later expanded the campaign to include Vevo‑managed channels of artists such as Justin Bieber, Taylor Swift, Kanye West, Drake, Eminem, Michael Jackson, Ariana Grande, Harry Styles, Travis Scott, The Weeknd and Lil Nas X, which together reach hundreds of millions of subscribers. The takeover involved altering video titles and uploading unauthorized content that promoted a demand for the release of Paco Sanz, a Spanish individual who was sentenced to two years in prison for stealing over €350 000 after falsely claiming a terminal illness. The actors explicitly stated that they do not attack governments and limit their activity to private companies while circulating demands related to the Spanish fraud case.
During the compromise, the actors did not access any pre‑existing videos or channel data, focusing instead on posting new material and changing existing titles. Uploaded videos bore specific titles such as “Justin bieber – Free Paco Sanz (ft. Will Smith, Chris Rock, Skinny flex & Los Pelaos)” and “No Doubt - no me retiro era broma @lospelaosbro”, alongside generic tags like “HACKED BY @LOSPELAOSBRO”. After each takeover, the group used its Twitter account to announce the hack, solicit suggestions for future targets, and share links to the altered channels. The Twitter handle associated with the actor grew to more than fifteen thousand followers as a result of the campaign. The actors claimed they were “going big” and indicated plans to expand the scope of their activity to additional artists including Ariana Grande, Migos and others. Vevo responded by removing the unauthorized uploads, securing the affected channels, and announcing a review of its security systems. Vevo noted that it does not provide direct access to artists, instead giving control of pages to Content Providers or music labels, a model that the attackers exploited to reach multiple channels.
