Outpost24’s Threat Intelligence Research Team has released a detailed analysis on the recent cyberattack on Endesa, one of Spain’s largest electricity and gas providers.
From publicly available evidence from underground forums, leaked dataset listings, and the threat actor’s own statements, the threat intel team examines the likely initial access vector, the probably origin of the data, and the broader security implications therein.
Some key findings include:
- Several indicators suggest the activity is attributable to a lone, Spanish-speaking individual rather than a coordinated group.
- The threat actor’s own statements, specifically “I also do cracking as a service” and “Don’t blame me for my work; blame your employees for not doing theirs,” strongly suggest that initial access was obtained through compromised credentials.
- The actor’s minimal presence across forums and messaging platforms, combined with a lack of established reputation, suggests limited credibility among potential buyers.
- Analysis of file names, object types, and export characteristics indicates the data originated from a CRM environment consistent with Salesforce.
For full details, the analysis can be read here: https://outpost24.com/blog/endesa-data-breach/
Like this:
Like Loading...
Related
This entry was posted on January 15, 2026 at 2:17 pm and is filed under Commentary with tags Outpost24. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
An analysis on hack against major Spanish electricity and gas provider Endesa
Outpost24’s Threat Intelligence Research Team has released a detailed analysis on the recent cyberattack on Endesa, one of Spain’s largest electricity and gas providers.
From publicly available evidence from underground forums, leaked dataset listings, and the threat actor’s own statements, the threat intel team examines the likely initial access vector, the probably origin of the data, and the broader security implications therein.
Some key findings include:
For full details, the analysis can be read here: https://outpost24.com/blog/endesa-data-breach/
Share this:
Like this:
Related
This entry was posted on January 15, 2026 at 2:17 pm and is filed under Commentary with tags Outpost24. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.