Yesterday a huge breach of the Bulgarian NAP, the national financial authority, was disclosed, and the hackers claim to have stolen the personal data of five million Bulgarian citizens.

The attacker also e-mailed some of the local press, and a journalist shared the e-mail below on Twitter. Some of the claims in it are remarkable, and they immediately raise a few questions:

  • How can someone stay undetected in a ministry network for more than 10 years?
  • How do you exfiltrate 21 GB of data without anyone noticing (low and slow?)
  • Is it smart or stupid to try to bargain with a government?
  • What did the attack look like, and how can data this sensitive not be protected better?