Spanish police say they they conducted a raid in the city of Alicante on Sunday and arrested a Venezuelan national for his alleged involvement in the Kelvin Security hacking group.
The unnamed suspect (although thought to be Kelvin Para) was charged with crimes related to belonging to a criminal organisation, revealing secrets, computer damage and money laundering in a police statement released shortly after the raid via the force’s Telegram channel.
The force also released some footage of the raid and arrest via the Telegram channel, but it can also be viewed on YouTube:
Who are Kelvin Security?
The telegram message released by the Spanish police outlines some of the criminal activity undertaken by Kelvin Security over the years but naturally focuses on the Spanish victims of the gang.
In more global respects, the gang have been responsible for attacks on Banco Bci Chile, The German Institute of Global and Area Studies (GIGA), BMW (UK), U.S. business consulting firm Frost & Sullivan, Saudi banks, the Italian Istituto Nazionale di Fisica Nucleare, Venezuela’s election system database, and many more.
The gang is known by a few other names including ATK140, KelvinSec Team, KelvinSecTeamGobVe, and TAG-CR6.
Over the years, the gang has targeted victims in multiple industry verticals including Finance, Governments, Aviation, Gambling, Education, Energy, Healthcare, Retail, Pharmaceuticals, Manufacturing, and Transportation.
Due to the nationalities of the suspected members, Kelvin Security is thought to be a South American hacking group led by Kelvin Parra (Venezuela). Other group members are suspected to be Rodrigo Alonzo Canaza (Peru), Omar Rodriguez (Peru), Jhonatan James (Colombia)
The group has been active and demonstrating moderate technical capabilities since 2015 and have a large online presence with numerous social media outlets including Twitter, Instagram, and YouTube.
The group specialises in web-based attacks that ultimately lead to data theft, however, the group also has interests in ICS & SCADA systems as well as medical devices.
The group also provides various hacking-related services such as malware, exploits, databases, system access, etc. as a subscription model via their dark web site.
