Russia is trying to infiltrate NATO systems through Bulgaria. It seems that Russia is ready to do anything at the moment to get information important for the war, according to an expert. Christopher Nehring’s analysis of “Deutsch Vele”.
It all started with the president’s website. On Saturday, October 15, for several hours it could not be opened. A little later, the websites of a number of Bulgarian ministries followed. According to the Presidential Administration and the Ministry of e-Government, the crash was due to a single, targeted cyber attack. However, the problem was fixed on the same day, the Bulgarian authorities hastened to announce.
Last week, Russian authorities tried to find some connection between the Crimean bridge explosion and Bulgaria. However, this turned out to be an obvious propaganda operation without solid evidence against the NATO member country. However, with this new cyber attack, Russia has once again turned the spiral of escalation.
The War on the West: Russia’s ‘KILLNET’ Hackers
The alleged perpetrators of the cyberattack quickly became clear. The Russian hacker group “KILLNET” itself announced it on its channel in “Telegram” with a personal message to the chief prosecutor Ivan Geshev. But who exactly are “KILLNET”?
“KILLNET” is a relatively new and very aggressive hacking group from Russia, connected to the FSB” (Federal Security Service), Ruslan Trad, a security expert at the Atlantic Council, told DV.
The group was formed after the beginning of the Russian aggression against Ukraine, which began on February 24. It has declared war on governments supporting Ukraine. “Their specialty is the so-called DoS and DDoS attacks,” explains the analyst. “DoS – Denial of Service” and “DDoS – Distributed Denial of Service” are cyberattacks where hackers flood systems and websites with a huge amount of requests until they crash. DDoS attacks also use foreign devices and servers at the same time to increase the power of the attack. Just such a technically complex DDoS attack was carried out by “KILLNET” against the Bulgarian government on Saturday. “Similar attacks have already been carried out by KILLNET this year in the US, Norway, Lithuania and many other countries,” says Trad.
“Russia is ready for anything”
“Usually this type of cyberattacks are used to demonstrate power, instill fear or blackmail,” explains the Bulgarian expert. “But in this case, I have no doubt that it is about something more: in my opinion, the attack has not even stopped yet, and it is not about blocking government sites, but about penetrating IT systems and obtaining data,” says Ruslan Trad . If so, it would constitute an attempt at cyberespionage disguised as a sabotage attack.
“The Attorney General and the Ministry of Defense said just a few hours after the attack that no data was stolen. But it’s too early to say for sure,” commented Trad. “As a member of NATO and the EU, the Bulgarian services are connected to the common information exchange systems. It is well known in hacker circles that the Bulgarian IT infrastructure has many weak points. I believe that Russia is currently trying to penetrate the systems of NATO through Bulgaria! It seems that Russia is ready for anything at the moment to get information important for the war,” says Trad.
Arms deliveries and hesitant Bulgarian reactions
But why is Russia so determined to put little Bulgaria under this enormous pressure? Because after the elections in October, just now, for the first time, there is a chance to find a parliamentary majority for the delivery of heavy weapons to Ukraine. It is expected that in the next two weeks the corresponding proposal will be submitted to the parliament.
President Rumen Radev and the caretaker government appointed by him categorically reject the possibility of such deliveries. And it is hardly a coincidence that Defense Minister Dimitar Stoyanov, who is Radev’s former chief secretary, rejected Ukraine’s request for arms delivery the very day after the cyber attack. Just a day later, President Radev also categorically rejected any arms deliveries to Ukraine. And on Monday (October 17), the European Parliament called on all “hesitant states” – and especially Hungary and Bulgaria, which until now were the only ones to refuse military aid, to supply Ukraine with weapons as soon as possible.
Disputes intensified last week and over the question of whether the Russian ambassador Eleonora Mitrofanova, whose figure is highly disputed in Bulgaria because of her aggressive and even vulgar statements, should be invited to the opening of the newly elected parliament. Pro-Western and pro-Ukrainian political forces demanded that she not receive an invitation. However, President Radev called on the parties to “deal with the real problems of Bulgarians, with poverty, inflation and prices”. It is possible that this dispute also served as a pretext for the cyber attack.
Why is there no talk of the role of the Russian state?
The caretaker government is seen to be hesitant to defend against Russian attacks. Last week, Prime Minister Galab Donev’s office failed to reject in the most categorical way the Russian accusations about the blown-up bridge in Crimea. The same thing happened again after the cyber attack on 15.10.2022. The chief prosecutor Ivan Geshev spoke only about an attack carried out by the Russian city of Magnitogorsk, but without expressing a clear position or condemnation. The head of the Bulgarian investigative service, Borislav Sarafov, in his turn stated that the perpetrator of the attack has been identified and is in Russia. However, he also avoided any comment on Russia.
“The important question, in my opinion, is why Russia is not named as directly responsible for the attack? The group “KILLNET” is well known, as well as the fact that the Kremlin likes to use such groups for its purposes,” commented Ruslan Trad.