Cyber Incident Victim: Granada Bus
Date:
Oct 2023
Location:
Spain
Summary
A pro-Russian hacking group known as NoName conducted distributed denial-of-service (DDoS) attacks against Spanish public and private websites, including digital services in Granada during an EU summit. The attackers claimed responsibility via Telegram, citing Spain's support for Ukraine following bilateral talks involving Ukrainian President Zelenskiy and Spanish leadership. Targeted entities included government websites, Granada's metro system, bus service application, and tourism portal, causing temporary minor outages. Services were restored to normal after the country implemented reinforced cybersecurity measures. The incident highlighted geopolitical motivations behind the disruption attempts coinciding with high-profile diplomatic events.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 6, 2023, Spain’s government reported multiple distributed denial-of-service (DDoS) cyberattacks targeting public and private websites, including systems in Granada where an informal European Union summit was underway. The attacks caused minor service outages but were resolved with all affected services restored to normal operation by the time of the government’s statement. The pro-Russian hacker group NoName claimed responsibility via Telegram, explicitly linking the attacks to Spain’s support for Ukraine following a meeting in Granada between Ukrainian President Volodymyr Zelenskiy and Spanish Acting Prime Minister Pedro Sanchez. During that meeting, Spain pledged six HAWK air defense systems to Ukraine. NoName did not reference the EU summit directly but stated its actions were retaliation for Spain’s alignment with Ukraine against Russia’s invasion.
The attacks disrupted the Granada Bus service app, local metro systems, city tourism portals, and several Spanish government websites. Spain’s government responded by reinforcing surveillance and cybersecurity measures to address the threat, characterizing the incident as a coordinated "wave" of attacks timed to coincide with the EU summit. NoName described its actions as targeting Spain’s "Internet segment" with "long-range DDoS missiles," a reference to the technically unsophisticated but high-volume traffic floods typical of DDoS operations. The group’s public claim emphasized its pattern of attacking nations backing Ukraine, though no persistent damage or data breaches were reported. Service restoration was completed without further escalation, and no additional threat actors were implicated in the incident.