A pair of notable hacks on government targets have come to light: One, an attack affecting nearly the entire country of Bulgaria; and two, a hack of Russia’s main security agency (FSB) that represents the largest data heist ever experienced there.
In Bulgaria, cybercriminals were able to infiltrate the country’s tax revenue office, lifting personal data of 5 million Bulgarians. Bulgaria has just 7 million people, meaning that almost every adult is impacted. The compromised information includes retirement pension information, addresses, incomes and names, all of which was made available on the internet, according to reports.
A National Revenue Agency spokesman offered few details on the attack, though the hack is believed to have happened in June. The Bulgarian Commission for Personal Data Protection said it has launched an investigation into the hack.
“As there is undergoing investigation, we couldn’t provide more details about reasons behind the hack,” agency Communications Director Rossen Bachvarov told CNN.
Meanwhile, Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in the Bulgarian capital of Sofia last week in connection to the breach, according to NPR. A police raid saw the seizure of computers and mobile devices with encrypted information. At first, Boykov was charged with a hack against critical infrastructure, with a maximum sentence of eight years in jail. However, the charges were dropped and replaced with the charge of crime against information systems, which carries a maximum jail sentence of three years.
The breach wasn’t uncovered until an email from a Russian email address was sent to Bulgarian news outlets last week claiming responsibility for the attack, and mocking Bulgaria’s security as weak. It’s unclear if regulators will find lax security to be the issue, but under the European Union’s GDPR data privacy regulation, the Bulgarian government could face a fine of up to $22.4 million, according to NPR.
Meanwhile in Russia, the Federal Security Service (FSB) was in the crosshairs of cybercriminals who made off with 7.5 terabytes of data from one of FSB’s main contractors. The hack revealed several FSB projects aimed at de-anonymizing Tor communications, establishing a closed internet for the country and collecting social-media information on citizens. Forbes and other mainstream Western news outlets received sample documents after a hacking group called Digital Revolution went public with the attack via Twitter.
Hey, FSB, how are things going with Natisk-2? Maybe you should rename the project to Colander-1? @Dobrokhotov @RuBlackListNET @leonidvolkov @msvetov @shaveddinov @kozlyuk @RuHackersNews @the_ins_ru @tjournal @kmartynov @bbcrussian pic.twitter.com/RjKCFnXWlT
— DigitalRevolution (@D1G1R3V) July 18, 2019
The attack, according to BBC Russia, is believed to have happened on July 13, when a group called 0v1ru$, under the Digital Revolution umbrella, breached a contractor called SyTech.
Attacks on government targets are far from unheard of. The U.S. Department of Veterans Affairs, for instance, suffered a major data breach in 2006, when personal data of more than 26 million veterans and military personnel were compromised. More recently, in 2016, U.S. Office of Personnel Management breaches exposed sensitive data belonging to more than 22 million people.
Attacks via contractors are also not unheard-of, as Edward Snowden effectively demonstrated in 2013.