Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)

Security Affairs

Overview

Spanish authorities have arrested a man in Palencia as part of an FBI-led investigation into pro-Russian hacking groups, specifically CARR and Z-Pentest. The suspect is accused of collaborating with these groups to coordinate cyberattacks and facilitate financial transactions using cryptocurrency. He faces serious charges, including membership in a terrorist organization and glorifying terrorism. This arrest is significant as it underscores ongoing international efforts to combat cybercrime linked to geopolitical tensions, particularly those involving Russia. The implications of such arrests highlight the growing concern over cyber activities that could threaten national security and public safety.

Key Takeaways

  • Timeline: Ongoing since March 2023

Original Article Summary

Spain arrested a suspected CARR and Z-Pentest collaborator in an FBI-led probe for aiding pro-Russian hackers, coordinating attacks, and using crypto. Spanish National Police arrested a man in Palencia last March on charges of membership in and collaboration with a terrorist organization, glorifying terrorism, and computer damage. The investigation, carried out jointly with the FBI, […]

Impact

Not specified

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Ongoing since March 2023

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

Linux bug dormant for 16 years can cause a VM escape

SCM feed for Latest

A long-standing vulnerability in the Linux kernel has been identified that could allow attackers to escape from a virtual machine (VM) and gain root access to the host server. This bug has remained dormant for 16 years, affecting various Linux-based systems. If a hypervisor is compromised, it could lead to severe security risks, as attackers could take control of the underlying server. This incident raises concerns for organizations relying on virtualized environments, as the potential for unauthorized access could lead to data breaches or further exploitation. Companies using vulnerable versions of the Linux kernel should prioritize assessing their systems for this risk and consider applying available patches.

Jul 7, 2026

Chinese hackers develop LONGLEASH malware to expand ORB network

BleepingComputer

A group of Chinese hackers known as UAT-7810 is enhancing their malware, dubbed LONGLEASH, to broaden their Operational Relay Box (ORB) network. They are primarily targeting unpatched Ruckus routers, which are internet-facing networking devices. This development poses a significant risk as compromised routers can be used for various malicious activities, potentially affecting a wide range of users and organizations relying on these devices. The attackers are taking advantage of vulnerabilities that have not been addressed, making it crucial for companies to ensure their networking devices are up to date with the latest security patches. The situation highlights the ongoing challenges in securing internet-connected devices against evolving threats.

Jul 7, 2026

Your edge infrastructure has no witness

SCM feed for Latest

A recent analysis has pointed out significant security gaps in edge infrastructure, particularly highlighting a lack of visibility that could leave systems vulnerable. Unlike traditional methods that focus on detection of threats, the research emphasizes the need for improved visibility to identify potential security issues before they can be exploited. This shortfall affects organizations relying on edge computing, where data processing occurs closer to the source rather than in centralized data centers. Without proper visibility, these systems may remain blind to emerging threats, making them easy targets for attackers. Companies using edge technology should reassess their security measures to ensure they can monitor and respond to vulnerabilities effectively.

Jul 7, 2026

County Government Reportedly Paid $1 Million to Cyber Extortion Group

SecurityWeek

A small county in Ohio has reportedly paid $1 million to a cyber extortion group to prevent the public release of sensitive data that was stolen during a cyber attack. This incident highlights the ongoing challenges that local governments face in securing their data against increasingly sophisticated cybercriminals. The decision to pay the ransom raises concerns about the implications for public trust and the potential encouragement of further attacks. It also reflects a troubling trend where municipalities may feel pressured to comply with extortion demands to protect sensitive information related to their operations and residents. As ransomware attacks continue to escalate, it’s crucial for local governments to strengthen their cybersecurity measures to prevent such incidents in the future.

Jul 7, 2026

SSH Keys Are a Silent Security Risk: The Machine Identity Crisis Explained - WC #1

SCM feed for Latest

The article discusses the security risks associated with SSH keys, which are often used for secure remote access to servers. Researchers have identified that many organizations fail to manage these keys properly, leading to potential unauthorized access. When SSH keys are not rotated or revoked after they are no longer needed, they can become a vector for attackers. This issue affects a wide range of companies that rely on SSH for secure communications. The implications are serious, as compromised SSH keys could allow intruders to access sensitive systems and data, making it essential for organizations to implement better key management practices.

Jul 7, 2026

Spain arrests suspected member of pro-Russian hacktivist groups

BleepingComputer

Spanish authorities have arrested a man believed to be involved with two pro-Russian hacktivist groups, CyberArmy of Russia Reborn (CARR) and Z-Pentest. The arrest is part of a broader effort to crack down on cyber activities linked to the ongoing geopolitical tensions involving Russia. These groups are known for their cyber operations that support Russian interests, which raises concerns about potential cyberattacks aimed at various targets. This incident highlights the increasing intersection of cybercrime and geopolitical conflicts, emphasizing the need for vigilance among individuals and organizations regarding their cybersecurity practices. As such groups continue to operate, their activities could pose risks to critical infrastructure and sensitive data across Europe and beyond.

Jul 7, 2026