Cyber Incident Victim: Energy and Water Regulatory Commission

On April 20, 2022, the Energy and Water Regulatory Commission (KEVR) of Bulgaria publicly disclosed a cyberattack targeting its official website. The incident rendered the regulator's primary online platform inoperable, disrupting public access to its digital services. KEVR's press center confirmed the disruption originated from malicious external activity but did not specify the technical nature of the attack or identify potential threat actors. No details were provided regarding the exact time of initial compromise, duration of attacker access prior to detection, or specific attack vectors employed. The outage directly impacted stakeholders reliant on the website for regulatory information, though the commission did not elaborate on whether internal systems or data repositories beyond the public-facing site were affected. Immediate consequences included the unavailability of standard online functionalities, though KEVR did not cite evidence of data exfiltration or systemic infrastructure damage at the time of reporting.

Specialists from unspecified institutional partners collaborated with KEVR to mitigate the attack and restore services. Response efforts prioritized full functional recovery of the website within the shortest possible timeframe, though no specific restoration deadline or interim contingency measures were announced. The commission's communications emphasized operational remediation without disclosing forensic findings, attribution hypotheses, or collateral impacts on energy or water sector entities under its regulatory purview. Work continued to resolve residual technical issues affecting the platform's operational capacity, with no further public updates confirming completion timelines or post-incident security enhancements. The disruption underscored persistent cybersecurity vulnerabilities within critical national infrastructure entities despite increased regional awareness following previous attacks on Bulgarian governmental targets.