OpCatalunya activity increases in response to recent arrests
Target: Spainish/European & Scottish Targets
Attack Vector: DDoS/Website Defacement/Hacks & data Leaks
Threat Actor: @MinionGhost/ @AnonymousCatalonia / @Lulzsaints
Summary: Following the arrest under a European Arrest warrant of the former Catalan leader Carles Puidgemont in Germany on 25th March 2018, @Anonymous affiliated actors have targeted a growing number of organisations as part of #OpCatalunya. The hacktivist group @MinionGhost has also announced it will be carrying out a “massive attack” on 29th March in support of the operation although at the time of writing no target list has been issued. During the same period, the former Catalan Education Minister Clara Ponsati was also made subject to an arrest warrant and is currently making arrangements to hand herself into Police Scotland.
Risk assessment summary: It is currently assessed that #OpCatalunya linked activity presents a 3d MODERATE threat to Spanish, German and Scottish targets, most likely in the government, police and judicial sectors although other targets of opportunity are likely to be exploited if vulnerabilities are identified by the hacktivists concerned. It is also likely that EU institutions will be targeted as a retaliatory measure.
As the arrests are the result of European arrest warrants being used against elected politicians for the crime of holding a referendum on Catalan independence, the case is almost certain to generate a great deal of international controversy. In Scotland, there is a concern following the Scottish government admission that it is powerless to intervene to halt the extradition of Ponsati. This will undoubtedly be seized upon by pro-Brexit and opposition groups to embarrass the heavily pro-EU first Minister Nicola Sturgeon. The situation also makes it likely that Scottish institutions will be targeted by @Anonymous actors for co-operating in any subsequent extradition proceedings.
Although @MinionGhost have announced the 29th as the date for their planned “massive attack” it should be expected that DDoS, hacks and data leaks, as well as defacement attacks, will continue both before and after this date until at least the medium term and future activity may be timed to coincide with any court appearances. There has also been an increase in Catalonia related direct action activity in Spain, which may also increase as the legal situation develops.
System users are advised to ensure adequate DDoS mitigation and cyber security precautions are in place as a matter of routine. Monitoring of the threat environment will continue in order to identify target lists and other actionable intelligence.