Blackouts In Spain & Portugal Likely Caused By A Cyber Attack

Uploaded on 2025-04-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

A massive power outage struck the Iberian Peninsula on April 28, plunging millions of people into darkness as electricity supplies were suddenly cut across Spain and Portugal. According to Juanma Moreno, President of the Andalusian regional government, hostile activity by cyber criminals is  the most likely cause of the blackout. 

Portugal’s grid operator, RNA, offered an alternative explanation for the massive power outage when it It blamed a rare atmospheric phenomenon which caused "oscillations" and "vibrations" in high power lines, which in turn resulted in "synchronisation failures" across the national grid. 

It is unclear how such oscillations might have affected power supply across Spain.

Around midday on Monday electrical systems of all kinds started to break down across both nations, affecting electrical power, telecoms and internet connectivity affecting emergency services across both countries - only the offshore  islands were  unaffected. 

El Pais, the Spanish newspaper said, “the power outages have paralysed the normal operation of infrastructure, communications, roads, with widespread traffic light failures, train stations, airports, businesses, and buildings,” including incidents involving elevators. 

The Portuguese newspaper, Correio da Manha, said that police have been sent out into the streets to help with traffic control in the absence of the usual infrastructure to keep vehicles moving. Vodafone  blamed disruptions to its network across Portugal on the continuing electricity problems. Even the French Basque region neighbouring Spain is reported to have suffered “brief power cuts".

If this is the result of a cyber attack it will be the most significant attack of its kind since 2015 and 2016 when widespread national blackouts were inflicted on Ukraine by Russian hackers, several years prior to the subsequent  failed invasion.  

While the exploit  affected hundreds of homes in western Ukraine, this incident is affecting millions of people across the Iberian Peninsula and an attack of such wide ranging impact affecting  major EU nations would be a challenging and complex operation, beyond the capabilities of all but the most skilled and well-resource nation-state  threat groups. 

The International Energy Agency recently warned that cyber attacks against utilities worldwide have more than doubled between 2020 and 2022 and while there have been some cases of undersea cables and even gas pipelines being severed in the past, these caused localised disruption, rather than affecting an entire nation. 

Most previous attacks on energy infrastructure, including those in Ukraine, Estonia  and the highly effective Stuxnet attack on nuclear facilities in Iran, have been blamed on nation state actors, although no nation has ever claimed responsibility.

@JuanMa_Moreno  |   El Pais |   CM Jornal  |   ITPro   |   Sky News   |   Figaro   |   Yahoo   |   BBC   | 

ITVX   |   Cybersecurity News   |   Ars Technica   |  IEA    

Image: 

You Might Also Read: 

Cybersecurity, Volt Typhoon & The Grid:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Cybersecurity Risks In Legacy Scheduling Systems & How To Mitigate Them
Ransomware Attacks On The Energy Sector Surging »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

Tigera

Tigera

Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.

SkillCube

SkillCube

SkillCube is one of the pioneers in India focusing on Cyber Security Skill Development Solutions.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

Irish National Accreditation Board (INAB)

Irish National Accreditation Board (INAB)

INAB is the national accreditation body for Ireland. The directory of members provides details of organisations offering certification services for ISO 27001.

ABCsolutions

ABCsolutions

ABCsolutions is dedicated to assisting businesses and professionals achieve compliance with federal anti-money laundering regulations in an intelligent and pragmatic way.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity's mission is to provide value by dramatically improving the cybersecurity posture of our clients and business partners.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

Custodia Continuity

Custodia Continuity

Custodia Continuity manage your Security, Backup, Continuity and Compliance. You get on with your business.

Lansweeper

Lansweeper

Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.