On April 28, 2025, Spain experienced the largest power outage in its history. At 12:33 p.m., the mainland electricity grid completely collapsed. In just seconds, power disappeared from homes, hospitals, mobile networks, train stations, and emergency systems. The outage also affected Portugal and triggered unprecedented alarm across Europe.
Amid the confusion, the question that still lingers is simple but unsettling: What really happened? Was it an unlikely technical failure… or a cyberattack?
The official account: a cascading failure due to two technical faults
Hours after the blackout, Red Eléctrica de España (REE) provided the first official explanation. According to their data, the system was operating normally until two major power plants in the southwest of the country suddenly disconnected, just 1.5 seconds apart.
In total, more than 15 gigawatts (GW) of generation were lost, causing a sharp drop in electrical frequency. Automatic protections could not stop the instability, and in less than three seconds, the grid collapsed completely.
Although the black start system allowed power to be restored in less than 24 hours, the event was serious enough to activate all national and European emergency protocols.
Initial suspicions: a digital sabotage?
While the public searched for answers, disturbing information began to circulate. Some media and analysts pointed to the possibility of a sophisticated cyberattack as the trigger for the blackout. The hypothesis was not far-fetched: modern electrical systems are digital, interconnected, and vulnerable.
The National Court opened proceedings to investigate possible sabotage, and the National Cryptologic Center (CCN), together with the National Cybersecurity Institute (INCIBE), reviewed REE’s SCADA systems.
So far, authorities have denied finding evidence of intrusion or external access. But in cybersecurity, the absence of evidence does not equal evidence of absence.
“The most advanced attacks can hide their tracks for weeks or months. It’s too early to completely rule out a cyber vector,” INCIBE experts noted in industry forums.
Spain in the spotlight: cyberattacks in numbers
The doubts are easier to understand in context. Spain is an increasingly frequent target on the global digital threat map. According to INCIBE, more than 83,000 cybersecurity incidents were detected in 2023, of which 237 affected critical infrastructure. In 2024, that number rose to 341 cases, a 43% increase in just one year.
The most targeted sectors:
- Energy (22%)
- Transport (25%)
- Finance (25%)
- ICT (18%)
These figures show that the power grid must face not only physical failures or human errors, but also invisible threats that can be activated at any time.
A worrying alert from North Africa
Even more disturbing is the coincidence between the blackout and a cyber activity alert from North Africa, issued by the CCN just days before the event. This activity was considered “unusual” and of “high potential risk.”
Notably, the two plants that collapsed were located in southern Spain, geographically more exposed to cross-border threats from North Africa. Although there is no evidence linking the two events, the temporal and geographic coincidence has raised concerns among specialists.
“We’re not saying there’s a direct connection, but when you have a prior alert and then a collapse in that same area, it needs to be thoroughly investigated,” an industry analyst told El Periódico de la Energía.
The world on alert: Russia, Ukraine, and systemic risk
The blackout also cannot be understood without the international context of heightened cyber tension. Since the start of the war in Ukraine, Russia has been accused by several European countries of launching digital attacks against energy infrastructure.
- Ukraine suffered attacks on its grid in 2015 and 2022.
- Germany and France have reported intrusions linked to pro-Russian groups.
- NATO and the EU have warned of the growing risk of “digital hybrid warfare.”
In 2024 and 2025, the EU Cybersecurity Agency (ENISA) issued several statements warning that European power grids are in the crosshairs of state and criminal actors.
Therefore, even though the incident in Spain has not been attributed to a foreign power, the timing could not be more delicate, and the blackout became, due to its symbolism, a case study at the European level.
Did the blackout cross borders?
Another relevant aspect: although the French grid held up, there were repercussions beyond Spain. The interconnections between France and the Iberian Peninsula were automatically disconnected to prevent the failure from spreading.
In the following hours, users in southern France, Belgium, and even northern Italy reported brief outages or voltage drops, although no European authority officially linked them to the Spanish blackout.
The French operator RTE admitted to having recorded “an anomalous electrical event on the southern border” at the same day and time as the peninsular collapse.
“The European grid is robust, but also interdependent. What happens in one country can echo in the rest,” noted an internal technical report from the European Energy Council.
An official explanation… and many unanswered questions
So far, the only version supported by data and technical analysis is that of a cascading operational failure, aggravated by the low inertia of the electrical system and the rapid disconnection of key generation. REE, INCIBE, and CCN have—at least publicly—ruled out any evidence of digital sabotage or external intrusion.
Everything else remains in the realm of hypotheses, geographic coincidence, and informed speculation. The fact that the first failures occurred in the south, days after an alert of unusual activity from North Africa, or that reports of instability emerged in other European countries, does not prove anything by itself. But it does not go unnoticed either.
Ultimately, until proven otherwise, the great blackout of April was an extraordinary technical failure. The other theories, for now, belong more to the realm of techno-thriller scripts than to official reports.
Still, when a technical coincidence seems like a rehearsal for a bigger crisis, it should not be completely ignored. Because in the era of smart electricity, the line between malfunction and threat is increasingly thin.
Sources:
- Red Eléctrica de España (REE) – Preliminary report on the April 28, 2025 blackout
- El Periódico de la Energía – Technical failure or sabotage? Doubts about the blackout
- INCIBE – Security in critical infrastructure: 2025 report
- Agencia EFE – The National Court opens investigation for possible cyberattack
- La Vanguardia – The blackout and the unresolved questions
