Cyber Incident Victim: Banco de España

On August 19, 2018, hacktivist group Anonymous Catalonia announced the start of #OpCatalonia, a cyber protest campaign against the Spanish government's arrest of Catalan political leaders involved in the region's 2017 independence movement. The campaign began on August 20 with distributed denial-of-service (DDoS) attacks targeting Spanish government websites, including those of the Constitutional Court and the economy and foreign ministries. On Sunday, August 26, the group shifted focus to Banco de España's website, sustaining the DDoS attack through Monday, August 27. The attackers used rented DDoS services to overwhelm the bank's web servers and announced their success via Twitter under the 'TangoDown' hashtag, providing global outage evidence. Banco de España confirmed the attack caused intermittent website accessibility issues but emphasized no operational disruptions occurred. As Spain's central bank lacked online banking services or commercial customer portals, the attack solely impacted public access to informational website content.

The incident represented one phase of Anonymous Catalonia's sustained #OpCatalonia campaign, which employed temporary DDoS attacks as symbolic protests. The group ceased attacks when their rented DDoS resources depleted, allowing normal website functionality to resume automatically. Banco de España's public statement characterized the attack as limited to superficial website disruptions without compromising internal systems, financial operations, or data security. No data theft, defacement, or persistent network infiltration occurred. The bank implemented standard DDoS mitigation procedures but did not disclose specific technical countermeasures. Anonymous Catalonia's actions aligned with their established pattern of time-bound disruptive protests against Spanish institutions, reflecting the geopolitical tensions surrounding Catalonia's independence movement during this period.