Bulgaria’s prosecutor’s office said on July 17 that it has pressed charges against a 20-year-old Bulgarian national, who has been detained for a period of 72 hours in relation to the cyber attack on the country’s National Revenue Agency.
The prosecutors said that man was charged under a Penal Code article that deals with cyber crimes against computer systems that are part of critical infrastructure, which carries a possible sentence of five to eight years in prison, as well as a fine of up to 10 000 leva (about 5112 euro).
The man is described as a cybersecurity expert tasked with testing and auditing IT systems. He was arrested on July 16 at his place of employment, but prosecutors said that his actions had no relation to his employer’s activity.
Law enforcement officers also raided his residences in Sofia and Plovdiv, seizing computers and storage devices, the prosecutor’s office said.
Sofia city prosecutor’s office opened an investigation after it emerged that a cyber attack on the revenue agency gained access to the personal and financial data of more than five million Bulgarian and foreign nationals, as well as companies.
One of the files shared with Bulgarian media contained data identifying the computer and credentials used to access the data.
It was not clear if the man was the sole perpetrator of the attack, the head of the cyber crimes unit at the Interior Ministry’s general directorate for fighting organised crime, Yavor Kolev, told Bulgarian National Radio.
“At this stage we cannot be absolutely sure because the investigation is still at an early stage and there is a lot of work to be done to get the full picture. We are investigating all possible avenues,” he was quoted as saying.