Cyber Incident Victim: Bulgarian Government
Date: Oct 2022
Location: Bulgaria
Summary
A cyber attack employing Distributed Denial of Service (DDoS) techniques targeted multiple government ministries, the Presidency, revenue agencies, telecommunications firms, airports, banks, and media outlets in Bulgaria. Officials attributed the attack to an individual in Magnitogorsk, Russia, and confirmed that no data compromise occurred. Authorities initiated investigations and pledged to prosecute those responsible, potentially in absentia if extradition from Russia proves unfeasible. The country's defense minister linked the incident to unfounded Russian accusations regarding Bulgaria's alleged involvement in the Crimea bridge explosion and asserted that the attack was successfully repelled without damage. He reiterated Bulgaria's position as a non-participant in that event and highlighted parliamentary restrictions on supplying weaponry to Ukraine despite prior military-technical aid agreements.
Description
On October 15, 2022, a Distributed Denial of Service (DDoS) attack targeted multiple Bulgarian government and private websites, including those of government ministries, the Presidency, the National Revenue Agency, telecommunications companies, airports, banks, and media outlets. The attack disrupted online services but did not compromise sensitive information or data, according to official assurances from Bulgarian authorities. The following day, Borislav Sarafov, head of Bulgaria’s National Investigation Service, publicly identified the origin of the attack as the Russian city of Magnitogorsk, stating that investigators had determined the perpetrator’s name and address. Bulgaria’s Prosecutor’s Office initiated an investigation, directing the State Agency for National Security, the Chief Directorate for Combating Organised Crime, and the National Investigation Service’s cyber crimes department to gather evidence and identify all involved parties. Svetoslav Vassilev, head of the cyber crimes department, characterized the attack as a standard DDoS incident commonly experienced by institutions, though he did not elaborate on technical specifics.

Caretaker Defence Minister Dimitar Stoyanov confirmed the Defence Ministry’s website was among those targeted and linked the attack to unsubstantiated Russian allegations implicating Bulgaria in the October 2022 explosion on the Crimea Bridge, which Bulgarian security services had already dismissed as baseless. Stoyanov emphasized that Bulgarian defenses successfully repelled the cyber assault without operational damage, asserting the country’s resilience within NATO and denying any involvement in the Crimea incident. Legal proceedings were prepared to prosecute the identified attacker, contingent on extradition cooperation from Russian judicial authorities; absent cooperation, Bulgarian officials planned to pursue a trial in absentia. Concurrently, Stoyanov reiterated Bulgaria’s policy regarding military aid to Ukraine, citing the caretaker government’s adherence to the 47th National Assembly’s earlier decision to provide only non-weaponry “military-technical” assistance and noting the absence of surplus arms for transfer. The incident occurred amid political preparations for the 48th National Assembly’s first session on October 19, where a draft decision on potential weaponry supplies to Ukraine was expected to be introduced.
