But Dr. Vesselin Bontchev, an assistant professor at the Bulgarian Academy of Sciences and a cybersecurity expert, said that the government — like many others — needed to broaden its view of what is vital to national security.
Many government officials, he said, “were worried mostly about the usual that gets discussed in the Western press — hybrid warfare, Russian disinformation and meddling, attacks against the critical infrastructure — that sort of thing.”
But those were “largely theoretical problems,” he said. “I didn’t see anyone being particularly worried about viruses, ransomware, data breaches, phishing and other everyday cybersecurity problems. Although, arguably, the National Revenue Agency is critical infrastructure.”
The breach of the National Revenue Agency, Bulgaria’s tax authority, is believed to have occurred in June and may have continued for some time. It was not made public until Monday, after news outlets around the country received an email — which came from a Russian address — claiming responsibility for the attack.
But like with so many cyberattacks, taking an inventory of the damage was a simpler task than assigning blame and understanding the broader implications.
As residents of one of the European Union’s newest and poorest member states wrestled with how the breach might affect their lives — with many fearing identity theft, and scores going to social media to mock their government — public officials offered a variety of theories about who might have been responsible.
Most attacks of this nature in Eastern and Central Europe are financially motivated, the tactic of criminal gangs looking to sell the information or use it for blackmail. David Balson, the director of intelligence at Ripjar, a security company in Britain, said it was becoming easier and easier to conduct this type of attack, with open-source tools readily available online.