Bulgarian Defense Ministry

The Bulgarian Ministry of Defense serves as the central government body responsible for national defense policy, military strategy, and the administration of the Bulgarian Armed Forces. Its core mandate encompasses the protection of the nation's sovereignty, territorial integrity, and constitutional order. As a key state institution, it manages defense budgeting, procurement, personnel, and the operational readiness of military units. The ministry also engages in international defense cooperation, including participation in NATO missions and partnerships, which aligns with Bulgaria's commitments as an alliance member. A significant aspect of its public-facing operations involves maintaining official websites that provide information on defense policy, news, and services for military personnel and citizens. These digital platforms constitute a critical channel for official communication and transparency, making them a target for those seeking to disrupt state functions or project influence.

The ministry's role as a symbol of national security and its alignment with Western alliances were highlighted by a significant cyber incident in October 2022. On that date, the pro-Russian hacking group Killnet launched a distributed denial-of-service (DDoS) attack against multiple Bulgarian government websites, including those of the Defense Ministry. The attack successfully disrupted access for a period and caused prolonged slowdowns, though it resulted in no data breaches or lasting technical damage to systems. Killnet claimed responsibility on Telegram, framing the attack as retaliation for Bulgaria's alleged betrayal of Russia through military support to Ukraine. Bulgarian officials clarified that no domestic weaponry had been supplied from Bulgarian stocks to Ukraine, underscoring the political narrative underpinning the assault. This event placed the ministry within a broader campaign targeting nations perceived as aiding Ukraine, illustrating its vulnerability to hybrid warfare tactics aimed at undermining public trust in state institutions rather than stealing data. Bulgarian authorities identified a suspect located in Russia but assessed that extradition was highly unlikely, a reality that reflects the challenges of cross-border cyber law enforcement. Cybersecurity experts linked Killnet to Russian intelligence operations, situating the attack within a pattern of state-adjacent cyber activity designed to create disruption and amplify geopolitical messaging against countries supporting Ukraine. The incident confirmed the ministry's status as a high-profile target in the current geopolitical landscape, where its digital presence is a frontline for informational and psychological operations.