Cyberattack disrupts Bulgarian government websites over ‘betrayal to Russia’

Pro-Russian hackers were behind a “large-scale” cyberattack on Bulgarian government websites on Saturday, according to Bulgaria’s Prosecutor-General Ivan Geshev. 

The distributed denial-of-service (DDoS) attack briefly took down the websites of the presidential administration, the Defense Ministry, the Interior Ministry, the Justice Ministry, and the Constitutional Court. 

After access was restored, the sites were running slower than usual, according to the local Bulgarian online publication Dnevnik.

The pro-Russian hacking group Killnet claimed responsibility for the attack, saying it was a punishment “for betrayal to Russia and the supply of weapons to Ukraine.” 

“The government of Bulgaria is sentenced to network collapse and shame,” Killnet wrote on its official group on Telegram.

The attack is just the latest in a string of high-profile Killnet DDoS campaigns, which knock websites offline by flooding them with junk traffic. The attacks have made websites temporarily unavailable, but have not done serious damage. 

The group’s main goal, according to experts, is to attract the attention of the media and undermine confidence in state institutions.

Killnet has been active since the start of the Russian invasion of Ukraine. It previously targeted dozens of government networks across Europe in countries including Romania, Italy, Lithuania, Norway, Poland, Finland, and Latvia.

Although the attack did not have serious consequences and no sensitive data was leaked, it provoked a strong reaction from Bulgarian government officials. Geshev called it "a serious problem" and "an attack on the Bulgarian state."

Hacker allegedly identified

Bulgarian Deputy Chief Prosecutor Borislav Sarafov said that the country’s cybersecurity agency has identified the name and the address of one of the hackers who carried out the attack. According to an investigation, the hacker is based in the Russian city of Magnitogorsk.

Bulgaria intends to request the extradition of this hacker from Russia, according to Sarafov, but the chance that the Kremlin will cooperate is very low, he said.

Killnet is most likely controlled by Russian intelligence agencies, according to Yavor Kolev, a Bulgarian cybersecurity expert.

"In a totalitarian state, such a group cannot act independently. It performs the tasks assigned to it,” he said.

Killnet usually attacks countries that actively support Ukraine. Bulgaria, however, has historically close ties to Russia and doesn't support Ukraine's attempts to become a member of NATO.

During the war, Bulgaria has provided asylum to Ukrainian refugees, sent humanitarian aid to Ukraine, and repaired Ukraine’s heavy weapons. 

Contrary to Killnet’s claims, Bulgaria refused to send its own weaponry to the Ukrainian army, citing a need for its own defense.

One of the reasons for Killnet's attack, according to Kolev, could be Bulgaria's active involvement in the political arena. “Killnet has attacked more than 50 countries,” he said. “Bulgaria's turn has come.”