Cyber Incident Victim: Basque Country

Date: Jan 2023

Location: Spain

Summary

A cyberattack of unknown origin targeted a municipal government in the Basque Country, disrupting critical services including citizen assistance operations. The incident prompted an immediate response involving municipal IT teams and external cybersecurity experts to assess impacts on system integrity and security. Recovery efforts are ongoing, with officials warning of continued service limitations until normal operations can be fully restored. Authorities including Spain's National Cryptologic Center were notified of the breach.


Description

On January 8, 2023, the Durango City Council in Spain's Basque Country region suffered a cyberattack of unknown origin. Municipal sources confirmed the incident occurred during Sunday morning operations, prompting immediate notification to authorities including Spain's National Cryptologic Center (CCN). The attack compromised municipal systems, though the intrusion method and the attackers' identity remained unidentified. Municipal IT personnel initiated emergency protocols alongside external cybersecurity experts to evaluate the breach's scope, focusing on system integrity and security safeguards. No ransomware demands or data exfiltration claims were disclosed in initial reports.

The incident severely disrupted the Citizen Service Center (SAC), a primary interface for public administrative requests, alongside other unspecified municipal services. Officials warned residents of potential operational limitations during recovery efforts, though critical emergency systems appeared unaffected. Forensic teams prioritized damage assessment without confirming whether data theft occurred or if systems required complete rebuilding. Restoration timelines remained undefined as of January 9, with no public attribution to threat actors or disclosure of initial attack vectors. Service disruptions persisted while investigators worked to establish attack pathways and reinforce defenses against potential follow-on incidents.
