Cyber Incident Victim: Banca March
Date:
Oct 2017
Location:
Spain
Summary
A distributed denial-of-service (DDoS) attack targeted multiple Spanish entities, including Banca March, the Constitutional Court website, political party portals, and technology providers, disrupting web access, email services, and online operations for several hours. The hacktivist group Anonymous claimed responsibility as part of their #OpCatalunya campaign supporting Catalan independence, following prior warnings from national security authorities about coordinated cyberattacks. While most affected services resumed normal functionality by late afternoon, the incident followed earlier Anonymous operations against Spanish government databases and police systems. The attacks coincided with heightened tensions over Catalonia's political status, with hacktivists framing their actions as defending regional freedoms.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 21, 2017, the hacktivist group Anonymous executed coordinated distributed denial-of-service (DDoS) attacks against multiple Spanish entities, including Banca March's website. The attacks commenced around 2:00 AM local time, rendering Banca March's web services inaccessible alongside those of the Constitutional Court, the Popular Party (PP), the Francisco Franco Foundation, and technology providers Flexinet and Telitec. The DDoS campaign disrupted public-facing digital assets, specifically impacting website availability, email systems, and other internet-dependent services. By 6:30 PM that same day, most affected websites—including Banca March's—had resumed normal operations following mitigation efforts, though the Constitutional Court's services remained offline at that time. Anonymous had publicly claimed responsibility through affiliated Twitter accounts like NamaTikure, framing the attacks as part of their #OpCatalunya and #FreeCatalunya initiatives to support Catalan independence. Spain's Department of National Security had preemptively warned of impending cyberattacks in a Friday advisory, citing Anonymous' declared 24-hour campaign window.
The incident formed part of Anonymous' broader "Operación Cataluña," which began on September 24, 2017, with a manifesto video. While earlier phases targeted Spanish government and police databases, the October 21 attacks focused on disrupting institutional and private-sector online presence through volumetric DDoS bombardment. Technical specifics regarding attack vectors or Banca March's exact downtime duration were not disclosed in available reports. No data breaches or financial system compromises were attributed to the bank's involvement. The Department of National Security noted recurrent attacks under the same operational banners in preceding weeks, indicating sustained hacktivist activity. Restoration timelines varied across targets, with Banca March among entities recovering functionality within the same business day. The campaign highlighted Anonymous' continued ability to coordinate multi-target disruptions despite prior governmental alerts.