Menu
Browse

Cyber Threat Actor: Kristian Boykov

Actor Type Location Known Incidents
 Icon
Activist
Bulgaria
0 incidents
Profile

Kristian Boykov is the alias used by the individual who claimed responsibility for the 2019 data breach affecting Bulgaria’s National Revenue Agency. The threat actor is associated with Bulgaria according to the provided context, although the actor himself asserted a Russian identity during a television interview, a claim the source notes should not be taken at face value. No further personal details such as age, affiliation, or organizational ties are publicly confirmed in the available material.

The actor described obtaining access to the National Revenue Agency’s network for more than eleven years and exfiltrating approximately 110 databases totalling nearly 21 gigabytes of data. Of this collection, 57 databases amounting to 11 gigabytes were shared with local media outlets, with the promise to release the remainder in the following days. The stolen material included not only National Revenue Agency records but also data that appeared to have been imported from other government bodies, specifically the Bulgarian Excise Centralized Information System, the National Health Insurance Fund, and the Bulgarian Employment Agency. Contact with journalists was made via a Yandex.ru email address, and the message contained a paraphrased quote attributed to Julian Assange criticizing the government’s cybersecurity posture.

Following the leak, opposition parties in Bulgaria called for the resignation of Finance Minister Vladislav Goranov, highlighting the political repercussions of the incident. The source also notes a separate, unrelated event in which Bulgarian authorities detained an IT expert for publishing details about a vulnerability in a state‑managed kindergarten web portal that could be used to harvest personal identification numbers. No malware families, specific initial access vectors, or tooling styles are referenced in the article, and no definitive attribution to a state sponsor or criminal consortium has been established based on the information provided. The incident remains a notable example of a prolonged data exfiltration campaign targeting multiple Bulgarian governmental systems.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source