Cyber Incident Victim: Ayuntamiento de Irún
Date:
Mar 2025
Location:
Spain
Summary
The Irún city council reported a cyberattack that took down its municipal website, leaving it inaccessible for several hours before technicians restored service later. During the outage the municipal electronic office was affected, prompting the council to extend administrative deadlines for procedures due that day until the following evening. Other local administrations, including the Gipuzkoa provincial council and the town halls of Donostia and Hondarribia, also experienced disruptions but reported that their sites returned to normal operation quickly. Authorities confirmed the attack was part of a broader wave targeting public entities and said it had been neutralized.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Wednesday, 5 March 2025, the Ayuntamiento de Irún detected a widespread cyberattack that targeted, among other administrations and entities, its municipal website. The attack caused the website to become paralyzed and remain non‑functional for several hours. Upon detection, the Municipal IT Service began working to resolve the incident and managed to restore the website by the afternoon. Despite the restoration, the website continued to exhibit problems around 18:00 hours.
The technical difficulties experienced during the outage affected the processing of procedures through the municipal electronic office. Consequently, the Ayuntamiento approved an extension of administrative deadlines whose original expiration date coincided with that Wednesday, setting the new deadline to 23:59 on the following Thursday. The decision was reported by Europa Press.
Other public bodies in the region also reported issues on the same day, namely the Diputación de Gipuzkoa and the municipal websites of Donostia and Hondarribia. Unlike Irún, those entities experienced only brief interruptions, with their web pages returning to normal operation shortly thereafter. The Diputación de Gipuzkoa confirmed that its own website was down for less than five minutes before being restored. The rapid recovery was attributed to the functioning of control systems that reacted to the incident.
The Cyberzaintza, the Basque cybersecurity agency, confirmed that a cyberattack had occurred and stated that it had been in contact with the relevant technical teams. The Diputación de Gipuzkoa likewise confirmed that the attack had targeted several public administrations of the State but emphasized that the incident had been neutralized. Officials described the neutralization as routine, noting that such events happen daily and that the web downtime was minimal for most affected sites. They reiterated that control systems had operated as intended and that normal service had been restored across the affected administrations.