The frequency of cyberattacks targeting Bulgarian companies, institutions, and individuals has been rising sharply amid the tense global situation. According to the State Agency for National Security (SANS), the majority of these attacks are aimed at government bodies, along with organizations in sectors like transport, finance, communications, energy, healthcare, education, and defense.

Just recently, it came to light that the Russian hacker group Fancy Bear, linked to Russia’s GRU military intelligence, launched attacks against firms in Bulgaria and Romania. When asked about how Bulgaria is responding, SANS explained that it carries out a broad range of preventive, detection, and response activities to protect critical national security targets. This includes dealing with even the most unlikely but potentially destructive cyber methods. Upon detecting signs of an attack, SANS works closely with the affected organizations to help them recover and restore their vital information systems.

Most of the cyber threats come from hackers based in Russia, China, North Korea, and Iran. Their motives are varied but generally involve spreading disinformation, stealing data, and undermining the credibility of individuals or companies. In contrast, independent “lone wolf” hackers usually rely on phishing tactics aimed at draining bank accounts or stealing cryptocurrencies. SANS also expects state-sponsored hackers to increasingly use AI tools like ChatGPT to generate and distribute fake news, aiming to manipulate public opinion. Such disinformation often spreads through purposely created websites or social media platforms where information verification is minimal.

Over the past year, the prevalent types of cyberattacks in Bulgaria have included attempts to block information systems and theft of personal data. State institutions have been the primary targets, followed by companies involved in ammunition production and export. Financial institutions, hospitals, NGOs, and others have also been affected.

With rapid technological advances and the rise of artificial intelligence, SANS foresees a surge in large-scale cyberattacks. Hackers are becoming more adept at breaching defenses, scaling their operations, and covering their tracks more effectively.

SANS pointed out that Bulgaria remains vulnerable partly because many state-owned and private companies lack the resources to employ cybersecurity specialists. Bulgarian Posts, for instance, was hit by such an attack and continues to struggle financially in 2024.

To counter these threats, SANS emphasizes its role in training personnel and supporting organizations in planning, implementing, and auditing information security measures. The agency also operates a Center for Monitoring and Response to Cyber Incidents affecting key national security infrastructure, which has been active for two years and continuously monitors information security in real time.

The state is making ongoing efforts to strengthen cyber defenses, but the challenge remains significant as cybercriminals grow more sophisticated and persistent.