Cyber Incident Victim: La Sexta
Date:
Jan 2022
Location:
Spain
Summary
A Spanish television channel experienced a cyberattack where hackers compromised its notification system to distribute unauthorized messages. The attackers disseminated offensive content targeting the organization's cybersecurity personnel, sarcastically announced a fabricated programming change favoring a sports show, and included mocking references to a convicted fraudster. This incident followed a prior breach months earlier where the channel's official social media accounts were similarly hijacked. The perpetrators remained unidentified at the time of reporting, with the attack coinciding with unrelated ransomware incidents affecting academic institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 2, 2022, the Spanish television network La Sexta, owned by Atresmedia, experienced a cyberattack involving the unauthorized takeover of its notification systems. Attackers hijacked the platform responsible for distributing breaking news alerts to disseminate offensive, sarcastic, and misleading messages. These notifications included criticisms of La Sexta’s cybersecurity leadership, false claims about programming changes—specifically a fabricated announcement of 24-hour continuous broadcasts of the sports talk show *El Chiringuito*—and satirical references to Paco Sanz, an individual convicted of fraud for fabricating illnesses to solicit donations. The compromised notifications were visible to subscribers and prompted social media users to share screenshots, amplifying the incident’s visibility. This marked the second known breach targeting La Sexta within six months, following a July 2021 incident where attackers posted offensive content through the network’s official Twitter accounts.
The attack coincided with a separate ransomware incident affecting the Universitat Oberta de Catalunya (UOC), whose servers were compromised by malware on the same day. The ransomware variant was identified as identical to the one used in an October 2021 attack against the Universitat Autònoma de Barcelona (UAB), which remained unresolved at the time of La Sexta’s breach. While both incidents occurred simultaneously, no direct technical or operational link between the La Sexta notification hijacking and the UOC ransomware attack was established in available reports. La Sexta did not publicly disclose the technical method used to compromise its notification system, the duration of unauthorized access, or specific containment measures taken. No entity claimed responsibility for the attack, and the perpetrators’ identities remained undetermined. The incident primarily disrupted La Sexta’s communication channels, undermined trust in its alert system, and generated negative publicity through the spread of mocking and critical messages.