Cyber Incident Victim: Spanish Ministry of Labor and Social Economy
Date:
Jun 2021
Location:
Spain
Summary
A Spanish government ministry responsible for labor and social policies experienced a cyberattack disrupting internal communications and multimedia services while its public website remained operational. Technical teams collaborated with the national cybersecurity center to investigate and restore affected systems. A related employment agency previously impacted by ransomware confirmed no operational disruptions from this incident, contrasting with prior attacks that caused widespread appointment delays. The ministry oversees significant budgetary allocations and policy coordination in its domain.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 9, 2021, the Spanish Ministry of Labor and Social Economy (MITES) experienced a cyberattack disrupting its operations. The ministerial department, responsible for employment policies and social economy programs with an annual budget of approximately €39 million, confirmed the incident through its media office. Technical teams from MITES collaborated with Spain's National Cryptological Center to investigate the attack's origin and restore normal operations. While the ministry's primary website remained accessible, critical internal functions including the communications office and multimedia room were rendered inoperable. The attack occurred three months after a separate ransomware incident targeting MITES' subordinate agency, the State Public Employment Service (SEPE), though SEPE confirmed its systems remained unaffected during this newer event. MITES did not disclose technical details of the attack vector or whether data was compromised, focusing public statements on restoration efforts.
The June incident followed a March 9, 2021 Ryuk ransomware attack against SEPE that had significantly disrupted Spain's employment services. That earlier attack encrypted network systems across more than 700 SEPE offices nationwide, causing extensive delays to hundreds of thousands of public appointment schedules. MITES' cybersecurity challenges reflected broader patterns of high-impact incidents affecting Spanish institutions, including the November 2019 ransomware attacks against Everis (a major managed service provider) and Cadena SER radio network. Telecommunications giant Telefonica had also sustained operational damage during the 2017 WannaCry ransomware outbreak. The June attack on MITES underscored persistent vulnerabilities within Spanish administrative infrastructure despite previous incidents, though the ministry's coordination with national cybersecurity specialists indicated established incident response protocols. Service restoration timelines and forensic findings were not publicly detailed in immediate aftermath reports.