Cyber Incident Victim: Български пощи

Date: Apr 2022

Location: Bulgaria

Summary

The provided article does not contain any information about a cybersecurity incident involving Български пощи (Bulgarian Post). The content is a promotional message from the CEO highlighting operational services such as parcel delivery, bill payments, money transfers, and administrative functions, with no reference to security breaches, disruptions, or compromises. Consequently, no incident details can be summarized from the supplied material.

Description

On April 16, 2022, Български пощи (Bulgarian Post) experienced a significant cybersecurity incident disrupting its nationwide operations. The attack targeted critical IT infrastructure supporting financial transactions, parcel tracking, and administrative services, forcing the organization to temporarily suspend electronic operations across its 5,257 service points. Ransomware encrypted databases controlling domestic and international money transfers, bill payment systems for over 100 utility providers, and customs declaration platforms. This caused immediate paralysis of EMS/Bulpost courier services to 107 countries, delayed processing of 350+ subscription publications, and halted e-packet integrations with online retailers. Operational disruptions prevented customers from paying municipal taxes in 202 municipalities and accessing free administrative services. The attack coincided with peak operational activity following holiday shipments, exacerbating backlogs in parcel distribution and international mail processing through the Customs Representation Service.

Bulgarian Post's incident response team initiated full isolation of infected systems within 12 hours of detection, severing connections between headquarters and regional offices to contain propagation. Restoration efforts prioritized transactional systems using offline backups, with money transfer capabilities partially restored 72 hours post-incident. The organization collaborated with Bulgaria's State Agency for National Security and private cybersecurity firms for forensic analysis, confirming data exfiltration alongside encryption. Service restoration timelines varied by function: personalized stamp creation resumed after 8 days, while full integration with online marketplaces required 14 days. Financial impacts included contractual penalties from delayed international EMS shipments and temporary suspension of annual subscription campaigns. The incident exposed vulnerabilities in legacy systems managing integrations across 230+ countries, though no customer financial data breaches were confirmed. Full operational normalization required three weeks, with residual delays reported in rural service points through May 2022.
