
Spain's National Police have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-Russian hacktivist groups.
Although hacktivism typically refers to cyberattacks intended to promote a political or ideological message rather than cause widespread damage, the two groups have been linked to multiple attacks targeting critical infrastructure in the U.S. and Europe.
A recent indictment of another alleged CARR member, Victoria Eduardovna Dubranova,
revealed that the hacking group carried out cyberattacks against water and food-processing facilities, creating real safety risks for people in the U.S.
The U.S. government has previously
sanctioned two more alleged members of the group, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, who were linked to attacks against the SCADA systems of an American energy firm.
CARR has also been loosely linked to the Russian state-backed threat group
APT44, aka “Sandworm,” which is known for masking their activities behind hacktivist collectives.
According to the Spanish police announcement, the arrested individual, who lived in Palencia, provided logistical and operational support to a Ukrainian hacker who operated for CARR.
The investigators say the man attempted to facilitate the hacker’s escape to Russia through Poland and Belarus.
“The suspect also used various encrypted messaging applications to maintain contact with other members of these terrorist groups, coordinating activities and providing support for their operations,”
the police announcement states.
“According to investigators, the suspect participated in actions attributed to the pro-Russian hacktivist group NoName057(16).”
“Those operations were later claimed on specialized geopolitics-related websites with the aim of promoting pro-Russian and anti-Western narratives.”
The Spanish police acted on information provided by the FBI and launched an investigation in August 2025.
In March 2026, the authorities raided the suspect’s home in Palencia and seized computers and cryptocurrency storage devices, which will be used in the ongoing investigations.
The officers also froze cryptocurrency wallets that were used to receive crime proceeds, specifically, sales of stolen data.
Currently, the arrested man is under investigation, and no specific charges have been formally filed, but the police announcement mentions he is suspected of membership in and collaboration with a terrorist organization, glorification of terrorism, and computer damage.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Get the whitepaper
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now
<small>Source: Bleeping Computer</small>