Spain's Ministry of Science has partially shut down its IT systems following claims of a cyberattack, with a threat actor alleging they stole sensitive data through an IDOR vulnerability.
Spain's Ministry of Science (Ministerio de Ciencia, Innovación y Universidades) has taken the unusual step of partially shutting down its IT systems after claims of a cyberattack, affecting services used by researchers, universities, and students across the country.

Partial System Shutdown and Service Disruption
The Ministry announced the disruption through a notice on its website, stating that the electronic headquarters has been "partially closed" due to a "technical incident currently under assessment." The shutdown affects several citizen- and company-facing services, with all ongoing administrative procedures suspended.
According to the Ministry's announcement, deadlines for affected procedures will be extended in accordance with Article 32 of Law 39/2015, ensuring that the rights and legitimate interests of affected individuals are safeguarded during this period.
Breach Claims and Data Leak
While the Ministry initially described the incident as a "technical incident," Spanish media outlets have since reported that a ministry spokesperson confirmed the disruption is related to a cyberattack. A threat actor using the alias 'GordonFreeman' - a reference to the protagonist from the Half-Life video game series - has claimed responsibility for the attack.

The alleged hacker published data samples on underground forums, claiming to have stolen personal records, email addresses, enrollment applications, and screenshots of official documents. The threat actor is offering the stolen data to the highest bidder.
Technical Details of the Alleged Attack
The attacker claims to have exploited a critical Insecure Direct Object Reference (IDOR) vulnerability that provided "full-admin-level access" to the Ministry's systems. IDOR vulnerabilities occur when an application exposes a reference to an internal implementation object, such as a record identifier, without verifying that the requester is authorized for the object it names, allowing attackers to manipulate these references to access unauthorized data.
However, the forum where this information was originally posted is now offline, and the data has not appeared on alternative platforms. While the leaked images appear legitimate, their authenticity cannot be independently verified.
Context and Implications
This incident highlights the growing threat to government institutions and the sensitive nature of data they handle. The Ministry of Science maintains administrative systems that process high-value information for researchers, universities, and students throughout Spain.
The partial shutdown demonstrates the Ministry's precautionary approach to protecting potentially compromised data, though it also creates significant disruption for ongoing research projects, administrative processes, and academic activities that depend on these systems.
Broader Cybersecurity Landscape
This breach claim comes amid a series of high-profile cyberattacks targeting government institutions and large organizations. Similar incidents have affected Spanish energy giant Endesa, the French unemployment agency (fined €5 million for a data breach), and online retailer PcComponentes, which recently denied breach claims.
The use of game-related aliases by threat actors, such as 'GordonFreeman,' has become increasingly common in the cybercrime underground, potentially serving as a form of branding or signaling within these communities.
Next Steps and Recommendations
Organizations handling sensitive government data should review their security posture, particularly regarding IDOR vulnerabilities and access control mechanisms. Regular security assessments, penetration testing, and implementation of the principle of least privilege can help prevent similar incidents.
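As an illustration of the IDOR pattern described above and the access-control review recommended here, the following added example (not code from the Ministry or from the incident) shows a lookup that trusts a client-supplied id, the same lookup with an object-level authorization check, and a simple log check for accounts requesting records they do not own. The record ids, owners, the "reviewer" role and the log entries are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records; ids, owners and role names are assumptions.
APPLICATIONS = {
    1001: {"owner_id": 7, "document": "enrollment application A"},
    1002: {"owner_id": 8, "document": "enrollment application B"},
    1003: {"owner_id": 9, "document": "enrollment application C"},
}

@dataclass(frozen=True)
class User:
    user_id: int
    roles: frozenset = frozenset()

class NotFound(Exception):
    pass

def get_application_vulnerable(user, app_id):
    # IDOR: the caller is authenticated, but the id is trusted as-is.
    return APPLICATIONS[app_id]["document"]

def may_read(user, record):
    # Object-level authorization: the owner, or an explicitly granted role.
    return record["owner_id"] == user.user_id or "reviewer" in user.roles

def get_application(user, app_id):
    record = APPLICATIONS.get(app_id)
    # Same error for "missing" and "not yours", so ids cannot be enumerated.
    if record is None or not may_read(user, record):
        raise NotFound(app_id)
    return record["document"]

def flag_enumeration(access_log, threshold=2):
    # Detection: users who requested >= threshold distinct ids they do not own.
    foreign = defaultdict(set)
    for user_id, app_id in access_log:
        record = APPLICATIONS.get(app_id)
        if record is None or record["owner_id"] != user_id:
            foreign[user_id].add(app_id)
    return sorted(u for u, ids in foreign.items() if len(ids) >= threshold)

# Constructed access log: (user_id, requested application id).
SAMPLE_LOG = [(7, 1001), (7, 1002), (7, 1003), (8, 1002), (9, 1003), (9, 1001)]
```

The check belongs on the server at every place a record is fetched by id; hiding or randomizing identifiers in the client does not replace it.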
Citizens and organizations affected by the Ministry's system shutdown should monitor official communications for updates on service restoration and any potential impact on their data or ongoing processes.
The Ministry has been contacted for additional details about the incident, but a statement was not immediately available at the time of publication.
