The Ministry of the Interior, the Ministry of Defence, the Ministry of Foreign Affairs and the Ministry of the Presidency suffered the most serious hacking attempts, known as advanced persistent threats (APTs), according to Spanish newspaper El País.
The hacks took the form of an email virus with the hackers' aim being to track and intercept data communications of prominent government figures.
The hacking attempts were carried out by a group of 20 hackers; civil servants or computer technicians with a high level of IT expertise, whose main motive was money, according to El País.
A team of hackers employed to hack into a government ministry could earn up to €3 million ($3.7 million). Hacking into an iPhone could earn hackers €300,000 and into Microsoft €500,000, according to Félix Muñoz, CEO of security company, Innotec System.
It is difficult to know who paid for, commissioned and supported the offensive but what is sure is that the virus came from computers in Russia and China.
"Russia and China have economic and commercial interests that are different to those of NATO. Russia has a very high level of technical knowledge. China combines the use of commercial programmes with those it gets on the computer black market, "says Muñoz.
The spy software was designed to target the most commonly used software systems: Android, i0S and Windows. The viruses found in the computers of the Spanish government are similar to those found in ministries in other countries.
Among the detected malware were the Trojan Horses: Uroburos, Energetic Bear, Dragonfly and Snake, their origin attributed to Russian hackers.
“Snake is harmful and stealthy. It extracts information and is undetectable by antivirus software,” says Antonio Villalón, Director of Security for the S2 Grupo, which specializes in business security.
Cyber threats are a high priority for the CNI, the Spanish Centre for National Intelligence, which has employed 50 external hackers to bolster the staff of its National Cryptology Centre (CCN).
The Spanish security services have, since 2007, been recruiting telecommunications engineers with a postgraduate degree in cybersecurity.
The CNI has detected 13,000 hacking incidents in 2014, an 80 percent rise on 2013. 11.6 percent of these incidents were classified from 'high-risk' and 'critical'.
The Spanish intelligence service itself was the victim of 100 cyberattacks, double the 2009 figure. Better technology and more sophisticated cyber espionage methods are credited for the sharp increase in hacking incidents.