Spain's Ministry of Science shuts down systems after breach claims

Spain's Ministry of Science (Ministerio de Ciencia) announced a partial shutdown of its IT systems, affecting several citizen- and company-facing services.

Ministerio de Ciencia, Innovación y Universidades is the Spanish government body responsible for science policy, research, innovation, and higher education.

Among other things, it maintains administrative systems used by researchers, universities, and students that handle high-value, sensitive information.

The Ministry stated that the decision was in reaction to a "technical incident," but did not provide additional details. However, a threat actor has claimed an attack on the institution's systems and published data samples as proof of the breach.

“As a result of a technical incident currently under assessment, the electronic headquarters of the Ministry of Science, Innovation and Universities has been partially closed,” reads an announcement on the main page of the ministry’s website.

“All ongoing administrative procedures are suspended, while safeguarding the rights and legitimate interests of all persons affected by this temporary closure.”

Notice on the Ministry's website
Source: BleepingComputer

To mitigate the impact of the disruption, the Ministry will extend all deadlines for affected procedures, in accordance with Article 32 of Law 39/2015.

A threat actor using the alias ‘GordonFreeman’, taken from the Half-Life game title, offered data allegedly stolen from the Spanish ministry to the highest bidder.

The alleged hacker leaked data samples on underground forums, including personal records, email addresses, enrollment applications, and screenshots of documents and other official paperwork.

Threat actor's post
Source: Kela

The threat actor states that they breached Spain’s Ministry of Science by exploiting a critical Insecure Direct Object Reference (IDOR) vulnerability that gave them valid credentials for "full-admin-level access."

It’s worth noting that the forum where the information appeared is now offline, and the data has not appeared on alternative platforms yet.

The leaked images appear legitimate, although BleepingComputer has no way to confirm their authenticity or any of the attacker’s other claims. We have contacted Ministerio de Ciencia about these allegations, but a statement wasn’t immediately available.

Meanwhile, Spanish media outlets report that a ministry spokesperson confirmed that the IT systems disruption is related to a cyberattack.
