Pierluigi Paganini July 16, 2019

Hackers stole data of millions of Bulgarians, and sent it to local media, According to the media the source could be the National Revenue Agency.

Hackers have exfiltrated data from a Bulgarian government system, likely the National Revenue Agency (NRA), and have shared it with the local media.

The hackers have stolen the personal details of millions of Bulgarians and sent to the local newspaper download links for the archives containing them.

“The link was sent by anonymous hackers via Russian mail servers on Monday to the Bulgarian media. The array of 57 folders contains thousands of files that they claim to be from the Treasury’s servers, probably.” reads the Monitor website.

The National Revenue Agency is investigating the incident and verifying the authenticity of the data.

“The NRA and the specialized bodies of the Ministry of the Interior and the State Agency for National Security (SANS) check the potential vulnerability of the National Revenue Agency’s computer system.” reads a statement published by the NRA.

“Earlier today, emails of certain media have been sent a link to download files allegedly belonging to the Bulgarian Ministry of Finance. We are currently verifying whether the data is real.”

The hackers claim to have breached Treasury’s servers and have exfiltrated data from more than 110 databases. More than 5 million Bulgarian and foreign citizens are affected, consider that the country has a population composed of 7 million people.

“Your government is slow to develop, your state of cybersecurity is parodyous,” wrote the hackers.

The hacker bragged about stealing 110 databases from NRA’s network, totaling nearly 21 GB. The hacker only shared 57 databases, comprising 11GB of data out of 21 aggregate data with local news outlets but promised to release the rest in the coming days.

“Perhaps the biggest leak of personal data in Bulgaria. That’s how the 57-folder contains more than a thousand files that anonymous hackers sent to Bulgarian media on Monday.” reported the Capital website. “Upon reviewing the information, Capital has opened databases with more than 1 million rows containing PINs, names, addresses, and even earnings.”

Most of the data is very old, in some cases, information is dated back as far as 2007.

Hackers also leaked information from Department Civil Registration and Administrative Services (GRAO), Bulgaria’s customs agency, the National Health Insurance Fund (NZOK), and data from the Bulgarian Employment Agency (AZ).

The email was sent by an email address belonging to the Russian service Yandex.ru. The message sent to local media by hackers ends with a quote by WikiLeaks founder Julian Assange and calls for his release.

“Your government is stupid. Your is a parody.” closes the email.

Immediately after the leak of the data, the Democratic Bulgaria opposition party demanded the resignation of Finance Minister Vladislav Goranov.

It seems that cyber security for Bulgarian government services is very poor, tt the end of June, Bulgarian police arrested the IT expert Petko Petrov after he publicly demonstrated a security vulnerability in the kindergarten software used by local kindergartens.

Pierluigi Paganini

(SecurityAffairs – Bulgarians, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]