Spanish authorities have arrested four alleged members of the hacktivist group Anonymous Fénix for their involvement in a series of distributed denial-of-service (DDoS) attacks targeting government and public sector websites.
According to Spain’s Guardia Civil, the unnamed suspects were responsible for launching attacks against government, political, and other public entities. The group’s activity reportedly peaked in the aftermath of the catastrophic floods that struck Valencia in October 2024.
Authorities said two individuals suspected of acting as the administrator and moderator of the group were arrested in May last year. Earlier this month, two additional members were detained as part of the same investigation.
The suspects, who claimed affiliation with the international hacktivist movement Anonymous, allegedly began their activities in April 2023. Initially, they conducted propaganda campaigns on social media platforms X and Telegram, primarily targeting Spanish and South American institutions.
Officials say the group intensified its operations from September 2024, recruiting volunteers to carry out coordinated cyberattacks. Following the Valencia floods, Anonymous Fénix allegedly targeted multiple public administration websites, accusing authorities of responsibility for the disaster.
In addition to the arrests, Spanish authorities seized the group’s YouTube and X accounts and shut down its Telegram channel.
In a separate operation, Polish police dismantled an organized crime network accused of phishing and online fraud. Officers from the Białystok branch of Poland’s Central Bureau for Combating Cybercrime identified 11 suspects operating between May 2022 and May 2024 in Poland and Germany.
The group allegedly created fake websites imitating well-known news portals and published sensational content, such as false reports about the death of famous individuals. Unsuspecting users who clicked on the links were redirected to fraudulent Facebook login pages, where their credentials were harvested.
Authorities said more than 100,000 login credentials were seized during the investigation. The stolen accounts were then used to send messages via instant messengers to extort BLIK payment codes from victims.
In total, the suspects face more than 400 charges, including participation in an organized criminal group, illegal access to online accounts, fraud, and money laundering under multiple provisions of the Polish Penal Code.