Cyber Incident Victim: Tribunal Constitucional
Date:
Oct 2017
Location:
Spain
Summary
Anonymous conducted a distributed denial-of-service (DDoS) attack targeting the Spanish Constitutional Court's website, email, and internet services, causing extended downtime. The hacktivist group simultaneously attacked multiple entities including political parties, foundations, and technology providers under the #OpCatalunya and #FreeCatalunya campaigns, aiming to support Catalan independence efforts. While most affected services were restored within hours, the incident followed prior warnings from national security authorities about planned cyber operations. This attack was part of a broader series of disruptions by the group, which had previously targeted Spanish government and police databases as part of their ongoing activism.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 21, 2017, the Spanish Constitutional Court (TC) experienced a significant cyberattack attributed to the hacktivist group Anonymous. The attack began around 2:00 AM local time and involved a mass distributed denial-of-service (DDoS) campaign targeting the court’s website, email systems, and other internet services. By 6:30 PM that day, the TC’s digital infrastructure remained inaccessible, though most other affected entities—including the websites of the Partido Popular (PP), the Francisco Franco Foundation, Banca March, and technology providers Flexinet and Telitec—had restored functionality. The disruption prevented public access to the TC’s online resources and communications platforms for over 16 hours. Anonymous publicly claimed responsibility for the attack as part of its broader #OpCatalunya and #FreeCatalunya campaigns, which aimed to protest restrictions on Catalan independence efforts. Spain’s Department of National Security had issued a warning the previous day, confirming intelligence about planned Anonymous operations targeting government and institutional websites. The attack coincided with a 24-hour bombardment campaign announced by the group, reflecting an escalation in tactics following earlier actions under the same operational banners.
The incident formed part of Anonymous’ ongoing “Operation Catalonia,” which began on September 24, 2017, with a manifesto video advocating for Catalan self-determination. Prior attacks under this campaign included breaches of Spanish National Police and government databases, though the October 21 DDoS marked the first major disruption of the Constitutional Court’s services. Hacktivists used the Twitter account NamaTikure to coordinate announcements, framing the attacks as a defense of “freedom in Catalonia.” Spanish authorities confirmed that similar attacks under the #OpCatalunya banner had occurred in preceding weeks, though none had achieved comparable scale or duration. The Department of National Security’s preemptive alert indicated heightened monitoring of Anonymous’ activities but did not prevent the sustained disruption. Restoration efforts for the TC’s systems extended beyond the 24-hour campaign window, underscoring the operational impact on a critical judicial institution. No data theft or permanent system damage was reported, but the incident highlighted vulnerabilities in public-sector digital infrastructure during politically charged events.