Spain arrests suspected hacker linked to Russian hacktivist campaign
Authorities arrested an alleged member of Cyber Army of Russia Reborn, a pro-Russian hacktivist group accused of committing multiple attacks against critical infrastructure providers in the United States and Europe.
Spain’s national police announced the arrest Monday but said it occurred back in March. Officials did not name the man who was detained at his home in Palencia following an investigation triggered by a tip from the FBI in August 2025.
FBI agents in the Los Angeles field office coordinated with Spanish officials to capture the alleged cybercriminal, the agency’s cyber division said in a LinkedIn post Monday. The FBI said the arrest was part of Operation Riptide, an ongoing global campaign targeting cybercriminals and the infrastructure and financial networks they use to commit fraud.
“Together, we will continue to impose costs on cybercriminals wherever they operate,” the FBI said.
Spanish officials said the arrested man provided logistical support to a Ukrainian hacker linked to Cyber Army of Russia Reborn, also known as Z-Pentest, facilitating the Ukrainian’s escape to Russia via Poland and Belarus.
The arrested man also “participated in actions attributed to the pro-Russian hacktivist group NoName057(16), whose operations were later claimed in specialized portals related to geopolitics, with the aim of spreading pro-Russian and anti-Western narratives,” Spanish authorities said.
Police investigators searched the suspect’s home and seized computers and cryptocurrency storage devices, later freezing a cryptocurrency wallet he allegedly used to receive payment for his alleged crimes.
Officials said the nearly year-long investigation recently concluded but did not announce specific charges, other than accusing him of collaborating with a terrorist organization, glorifying terrorism and damaging computers.
Authorities have been targeting Cyber Army of Russia Reborn and its alleged members for years. The Russian state-sponsored group has been active since 2022, officials said.
The Treasury Department sanctioned the pro-Russian hacktivist group’s alleged leader and primary hacker, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, in July 2024.
In December 2025, the Justice Department indicted Ukrainian national Victoria Eduardovna Dubranova, accusing her of participating in attacks against critical infrastructure and other victims in support of Russia’s geopolitical interests as part of Cyber Army of Russia Reborn and NoName057(16). Dubranova was extradited to the United States last year and pleaded guilty in two federal cases brought against her.
The State Department since late 2025 has been offering potential rewards for up to $2 million for information on individuals associated with Cyber Army of Russia Reborn and up to $10 million for information on individuals associated with NoName. NoName057(16), also known as NoName, was established by Russian President Vladimir Putin in October 2018, according to the Justice Department.
Multiple federal agencies and international partners issued a joint cybersecurity advisory in December 2025 about threats posed by pro-Russian hacktivist groups, including Cyber Army of Russia Reborn and NoName.