Cyberattacks on Bulgaria on the Rise

Cyberattacks targeting Bulgaria are increasing, with experts citing the ongoing war in the Middle East as one contributing factor. Last year, the state IT company “Information Services” recorded over 1,500 attacks.

Plans are underway to upgrade the current monitoring centre, which now protects critical infrastructure, into a National Cybersecurity Operations Centre. The goal is to establish a unified and effective mechanism to counter the growing number of cyber and hybrid attacks.

Since the outbreak of conflict in the Middle East, experts have reported a surge in hybrid attacks, most often targeting key EU and NATO platforms. Online, powerful disinformation campaigns have also been activated.

Globally, experts note a 700% increase in cyberattacks.

Prof. Dr. Ilin Savov, an international expert in cybersecurity and cyber prevention, warned: “Cyber-organised criminal consortia are increasingly uniting around the pursuit of quick profits and influence. In recent years, they have become highly organised, more aggressive, and extremely consistent in their tactics within the digital environment.”

Simeon Kartzelanski, Cybersecurity Manager at „Information Services“, stated: “Yes, Bulgaria is not a direct participant in this type of conflict, but similar attacks are also observed on our territory. Due to the specific nature of the infrastructures, I cannot provide more detailed information.”

According to „Information Services“, Bulgaria registered 1,513 cyber incidents last year.

Simeon Kartzelanski, Cybersecurity Manager at the company, explained: “The incidents are related to so-called denial-of-service attacks, phishing emails, emails that create false identities, or the infection of users’ workstations to steal credentials and bank accounts.”

He added that attacks most often target websites or specific user services, sometimes combined with psychological impact. Another type, so-called “silent attacks,” involves professional hacker groups infiltrating infrastructure to gather information. A notable example is the power outages in Ukraine following the start of the war.

“About two months ago, Poland’s National Cybersecurity Centre published a report on a coordinated attack on their electricity infrastructure aimed at disrupting the country’s power supply,” Kartzelanski said.

In response to the rising attacks, Bulgaria’s cybersecurity operational centre is being upgraded. The new national security architecture incorporates much of the U.S. experience and intelligence sharing.

Kartzelanski noted: “When an incident occurs in another country, whether in the EU, a NATO member, or the U.S., that information can be quickly and automatically shared with Bulgaria, enabling us to anticipate attacks and be aware of emerging threats in the international cyber environment.”

The full upgrade of the national system is expected to be completed within a year and a half.