Bulgaria's Attorney General releases more evidence from tax office hack investigation

Email supposedly from a Russian hacker found on PC of accused, Kristian Boykov

Bulgaria's Attorney General has released more evidence from the investigation into June's attack on the country's tax office, the National Revenue Agency (NRA).

Investigators claim to have found, on the PC of Kristian Boykov, the TAD Group security investigator accused of being behind the attack, the text of the email from the supposed "Russian hacker" that was sent to media outlets following the NRA data spillage.

Earlier, investigators had claimed that TAD Group's business model involved conducting cyber attacks on organisations, before supposedly riding to their rescue with security services.

At least 49 entities have been linked with revenue-generating TAD Group attacks, according to authorities in Bulgaria. Investigators' claims were backed up by CCTV taken from the organisation, which included sound recordings directly implicating TAD Group founder Ivan Todorov, according to the authorities.

Transcripts from those recordings indicated that TAD Group would actively seek out vulnerabilities and conduct anonymous attacks against entities found to be insecure as a means of drumming up business. According to Bulgarian security pro Dr Vesselin Vladimirov, investigators also found information about companies on TAD Group's computers that the company could not have picked up legitimately.

"Witness accounts from directors of companies that were hacked by TAD Group. They have confirmed that the information found on TAD Group's computers belongs to their companies and shouldn't have been found elsewhere," wrote Vladimirov in a Twitter thread over the bank holiday weekend.

He continued: "One of them was contacted by TAD Group with an offer to conduct a pentest against his company and to fix any vulnerabilities found, but rejected the offer, because he already had a better offer from another company."

Investigators have also released transcripts of security camera recordings of Boykov insisting that "files should be deleted" from the company's computers. However, it appears that the files were not deleted beyond recovery.

Happily, though, Bulgaria's finance minister has declared that not only should the NRA be able to shoulder the burden of the inevitable GDPR fine that could be heading its way this week, but that bonuses will remain untouched.

In a Mediapool report, Finance Minister Vladislav Goranov is quoted as saying: "We have enough money from the budget itself and there will be no need to refinance the system… this will not affect the budget."