Spanish law enforcement has dismantled a domestic hacktivist cell known as Anonymous Fénix, arresting its four main members for their alleged role in a long-running campaign of cyberattacks against government and public institution websites.
The Guardia Civil confirmed that the four suspects were taken into custody after a coordinated investigation that began in May 2025. Initial arrests included the group’s administrator and moderator in Alcalá de Henares (Madrid) and Oviedo (Asturias); more recently, two of the most active operatives were detained in Ibiza and Móstoles (Madrid).
What the Group Is Accused Of
The suspects are alleged to have orchestrated a series of distributed denial-of-service (DDoS) attacks targeting:
- Government ministries and public administration portals
- Political party websites
- Institutional web services across Spain
Authorities say these actions temporarily disrupted access to official sites by flooding them with excessive network traffic, a tactic commonly used in hacktivist campaigns.
Investigators also noted that the group claimed responsibility for intensified attacks in the wake of Spain’s 2024 DANA floods, suggesting political motives linked to government response efforts.
Online Presence and Disruption
Anonymous Fénix operated publicly through social media channels and encrypted messaging platforms like X (formerly Twitter) and Telegram, where it shared its messages and recruited sympathizers for online actions. As part of the operation, authorities closed the group’s digital communication channels, including its accounts on X and YouTube, and shut down its Telegram group.
Law Enforcement Response
The Guardia Civil’s investigation was coordinated with Spain’s Centro Criptológico Nacional and multiple judicial authorities. Officials emphasize that the arrests mark a significant blow to hacktivist networks engaging in cyberattacks against public infrastructure.
Authorities have not released the identities of the suspects, but the operation underscores Spain’s intensified efforts to combat cybercrime and protect critical online services from politically motivated disruptions.
