{"id":50941,"date":"2020-01-14T13:42:48","date_gmt":"2020-01-14T10:42:48","guid":{"rendered":"https:\/\/bivol.bg\/?p=50941"},"modified":"2020-01-16T20:15:15","modified_gmt":"2020-01-16T17:15:15","slug":"gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria","status":"publish","type":"post","link":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html","title":{"rendered":"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria"},"content":{"rendered":"

The attacks by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) on targets in the United States, France, Ukraine, and South Korea had been undertaken through servers rented out by a Bulgarian company with a Ukrainian owner. The attackers had taken advantage of the opportunity to rent the servers anonymously and without traceability. A Bivol reporter also managed to rent such a server by registering with a fake ID and paying with bitcoins. We were able to contact the Ukrainian owner, who stated that he was ready to cooperate with any investigation into the attacks. So far, however, no one is looking for him because the Bulgarian intelligence is not interested in these findings.<\/p>\n

Information that Russian attackers had used Bulgarian servers appeared as early as mid-November 2019, in an article<\/a> by respected American journalist Andy Greenberg<\/strong> for Wired<\/em> magazine. Cybersecurity experts from the firm FireEye had identified IPs used in phishing attacks against the US Democratic Party (DCLeaks<\/a>), the party of French President Macron (Macronleaks<\/a>), the Pyeongchang Olympics<\/a>, the Ukrainian electric power distribution grid and the NotPetya virus, inflicting USD 10 billion in damage.<\/p>\n

Everywhere, experts have discovered the fingerprints of a cyberwar squad inside the GRU, known as the Sandworm of GRU\u2019s unit 74455. The special counsel Robert Mueller\u2019s investigation into Russian interference in the 2016 US election identified it as well. It indicted 12 Russian military intelligence officers for penetrating the Democratic National Convention (DNC) servers and leaking correspondence to influence the election.<\/p>\n

Bivol examined the IPs identified by FireEye in the various attacks and found that four of them lead to servers hosted by the Bulgarian company HZ Hosting Ltd<\/strong>. – 185.80.53.22<\/a>, 5.149.248.67<\/a>, 5.149.249.172<\/a>, 5.149.254.114<\/a>, which is registered in Bulgaria\u2019s second-largest city of Plovdiv.<\/p>\n

Phantom firm bought through the Bulgarian Embassy in Kyiv <\/strong><\/h2>\n

HZ Hosting Ltd. is the trademark behind the HostZealot<\/a> hosting provider that offers internet servers for rent. One of our reporters visited the address of the company in Plovdiv, at 2 \u201cLyuben Karavelov\u201d Street floor 3 office 5, where he found only the office of lawyer Alexander Filev and of an accounting firm.<\/p>\n

The company has existed since 2015 when Plovdiv-based lawyer Filev has registered it under the name \u201cGlobal Industrial Company\u201d with owner and manager Vilko Lyubenov Damyanov.<\/p>\n

\"\"<\/a>

The hosting company phantom office<\/p><\/div>\n

Research shows<\/a> that Damyanov is the listed owner of several similar companies, registered at 23 A \u201cSan Stefano\u201d Street in the capital Sofia or at 2 \u201cLyuben Karavelov\u201d Street in Plovdiv. What the companies have in common is that they have been subsequently sold to foreigners.<\/p>\n

The same thing happened with \u201cGlobal Industrial Company\u201d just a month after it had been created. The owner of the company is Danil Eremka<\/strong> from Ukraine, represented by lawyer Filev with a power of attorney issued by the Bulgarian Embassy in Kiev.<\/p>\n

Actually, Eremka has not set foot in Bulgaria to acquire and launch the business through this company. The Plovdiv bookkeeping company “Capital 2011”, which he has never visited either, does its accounting, our reporter found. HZ Hosting is serviced entirely remotely, via email.<\/p>\n

Renting a server anonymously<\/strong><\/h2>\n

Despite the above, the operations of HZ Hosting are real. The company generates turnover and posts net sales revenues (BGN 1.3 million in 2018), according to the most recent annual financial statements. The hostzealot.com site allows customers to order a server and pay with any of the popular cryptocurrencies without leaving a trace leading back to them.<\/p>\n

Bivol reporters checked its services by registering an anonymous email address at tutanota.com, accessing it through a VPN to mask the original IP address. Then, with that email address and the fake ID of some Ivan Ivanov from the United States ordered a server at hostzealot.com and paid for it with bitcoins.<\/p>\n

\"\"<\/a>

Bivol managed to rent a server with fake identity paying with bitcoins<\/p><\/div>\n

The Bulgarian company issued an invoice for the bitcoin-paid server and should account for it accordingly. However, the customer can actually be a fake and there is no way to identify them.<\/p>\n

The whole process of registering and paying for the server went smoothly and for a few days, the server in question had a Linux installation with a web server<\/a> showing the text “This server was paid anonymously with bitcoins for the needs of a journalistic investigation by Bivol.bg<\/a>“.<\/strong><\/p>\n

This proves that anyone, including a Russian GRU cyberattacker, can buy a web resource from Bulgaria in minutes without leaving a trace and then attack the target from it.<\/p>\n

Eremka will assist the authorities if they approach him<\/strong><\/h2>\n

With the help of Ukrainian colleagues of YouControl<\/a>, Bivol found detailed information about the owner of HZ Hosting and hostzealot.com. The Ukrainian citizen Danilo Eremka turned out to be a real person living in Kharkiv.<\/p>\n

Eremka (spelled \u0404\u0420\u042c\u041e\u041c\u041a\u0410-YERIOMKA) is an IT specialist who, however, does not do business in his native Ukraine. There, he is only listed as the founder of the local Tesla football club. In 2012, he started a business providing Internet services with Fortunix Networks L.P., a UK-based company. At the end of 2012, he purchased the domain hostzealot.com on behalf of this company.<\/p>\n

\"\"<\/a>

Danil Eremka, Photo LinkedIn https:\/\/www.linkedin.com\/in\/dan-ieromka-42171425\/<\/a><\/p><\/div>\n

Fortunix Networx L.P. has not lasted long in the United Kingdom, but its name is still associated with IPs that HZ Hosting currently owns.<\/p>\n

Bivol reached Danil Eremka, who explained that he had moved his business to Bulgaria because he did not want to use offshore registration. He also had difficulty opening a bank account in the United Kingdom with Fortunix Networx L.P..<\/p>\n

Asked for comment on the fact that Russian attackers prefer the servers he rents, Eremka said his company does not monitor what customers are doing. However, he is ready to assist the authorities if they approach him.<\/p>\n

\"\"<\/a>

Eremka starts his HostZealot business with UK company in 2012 \u0433.<\/p><\/div>\n

Nevertheless, his assistance may end up being useless because of the anonymity of the whole process of renting and paying for the servers. Danil Eremka commented that his company does risk analyses, but it was not possible to identify all risk clients. He acknowledged that cryptocurrency server shopping is particularly problematic and promised to introduce additional controls to identify customers.<\/p>\n

From Bangladesh to Yambol<\/strong><\/h2>\n

However, the Bulgarian trail in the actions of the Russian attackers does not end with the Plovdiv company HZ Hosting. Two more IPs used by them – 130.185.250.77<\/a> and 130.185.250.171<\/a> – belong to BeeHosted – Internet Services & Hosting Provider from Bangladesh<\/a>, but according to the site IPINFO.io they are located in the southern Bulgarian city of Yambol<\/a>.<\/p>\n

Another IP address localization service<\/a> associates these addresses with the Bulgarian company Lir.bg. Experts interviewed by Bivol commented that it was probably an old registration of the entire address network, which is currently linked to the Dutch company Global Layer BV, also mentioned in the FireEye research.<\/p>\n

While investigating the NotPetya virus that attacked Ukraine, ESET\u2019s cybersecurity experts have also detected the 130.185.250.171 address. The transfinance.com [.] Ua domain, used to spread the virus, as well as a Tor server command and control program named severalwdadwajunior have been registered at this address.<\/p>\n

Even if this connection with Bulgaria turns out accidental, it still deserves a detailed probe by the Bulgarian intelligence as the use of our country as a platform for global Russian intelligence hybrid war operations is disturbing.<\/p>\n

Bivol asked questions to the Bulgarian National Security Agency (DANS) and the government\u2019s press office about the revelations that the GRU had used Bulgaria-related resources for its attacks, but did not receive an answer. A source from the Interior Ministry, dealing with cybersecurity, told us that there had been no research so far into the specific IPs revealed by experts.<\/p>\n

Atanas Tchobanov and Dimitar Stoyanov worked on this story<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

The attacks by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) on targets in the United States, France, Ukraine, and South Korea…<\/p>\n","protected":false},"author":16850,"featured_media":33789,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"give_campaign_id":0,"_crdt_document":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":[],"rop_publish_now_history":[],"rop_publish_now_status":"pending","kia_subtitle":"","_lmt_disableupdate":"","_lmt_disable":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false},"categories":[5542,5806],"tags":[9920,9585,9922,9179,7627,9923,9921,9924],"class_list":["post-50941","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-investigations-en","category-leading-en","tag-cyberattacks","tag-cybersecurity","tag-dcleaks-en","tag-gru","tag-hackers","tag-marconleaks-en","tag-mueller","tag-notpetya-en"],"yoast_head":"\nGRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria - Bivol!<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria\" \/>\n<meta property=\"og:description\" content=\"The attacks by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) on targets in the United States, France, Ukraine, and South Korea…\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html\" \/>\n<meta property=\"og:site_name\" content=\"Bivol!\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/bivolnews\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-14T10:42:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-16T17:15:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"295\" \/>\n\t<meta property=\"og:image:height\" content=\"171\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"\u0410\u0442\u0430\u043d\u0430\u0441 \u0427\u043e\u0431\u0430\u043d\u043e\u0432\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Atanas Tchobanov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html\"},\"author\":{\"name\":\"\u0410\u0442\u0430\u043d\u0430\u0441 \u0427\u043e\u0431\u0430\u043d\u043e\u0432\",\"@id\":\"https:\/\/bivol.bg\/en#\/schema\/person\/96ae983c45d31588a3837e2eca41ae4f\"},\"headline\":\"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria\",\"datePublished\":\"2020-01-14T10:42:48+00:00\",\"dateModified\":\"2020-01-16T17:15:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html\"},\"wordCount\":1331,\"image\":{\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg\",\"keywords\":[\"Cyberattacks\",\"Cybersecurity\",\"DCLeaks\",\"GRU\",\"Hackers\",\"Marconleaks\",\"Mueller\",\"NotPetya\"],\"articleSection\":[\"Investigations\",\"Leading\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html\",\"url\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html\",\"name\":\"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria - Bivol!\",\"isPartOf\":{\"@id\":\"https:\/\/bivol.bg\/en#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#primaryimage\"},\"image\":{\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg\",\"datePublished\":\"2020-01-14T10:42:48+00:00\",\"dateModified\":\"2020-01-16T17:15:15+00:00\",\"author\":{\"@id\":\"https:\/\/bivol.bg\/en#\/schema\/person\/96ae983c45d31588a3837e2eca41ae4f\"},\"breadcrumb\":{\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#primaryimage\",\"url\":\"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg\",\"contentUrl\":\"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg\",\"width\":295,\"height\":171},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u041d\u0430\u0447\u0430\u043b\u043e\",\"item\":\"https:\/\/bivol.bg\/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bivol.bg\/en#website\",\"url\":\"https:\/\/bivol.bg\/en\",\"name\":\"Bivol!\",\"description\":\" Mind the horns!\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bivol.bg\/en?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/bivol.bg\/en#\/schema\/person\/96ae983c45d31588a3837e2eca41ae4f\",\"name\":\"\u0410\u0442\u0430\u043d\u0430\u0441 \u0427\u043e\u0431\u0430\u043d\u043e\u0432\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/1628586a251f88639720d1ebeace8349bb04bc6baf25942ea3baa5e30711660c?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1628586a251f88639720d1ebeace8349bb04bc6baf25942ea3baa5e30711660c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1628586a251f88639720d1ebeace8349bb04bc6baf25942ea3baa5e30711660c?s=96&d=mm&r=g\",\"caption\":\"\u0410\u0442\u0430\u043d\u0430\u0441 \u0427\u043e\u0431\u0430\u043d\u043e\u0432\"},\"url\":\"https:\/\/bivol.bg\/en\/author\/atanas\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria - Bivol!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html","og_locale":"en_US","og_type":"article","og_title":"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria","og_description":"The attacks by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) on targets in the United States, France, Ukraine, and South Korea…","og_url":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html","og_site_name":"Bivol!","article_publisher":"https:\/\/www.facebook.com\/bivolnews\/","article_published_time":"2020-01-14T10:42:48+00:00","article_modified_time":"2020-01-16T17:15:15+00:00","og_image":[{"width":295,"height":171,"url":"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg","type":"image\/jpeg"}],"author":"\u0410\u0442\u0430\u043d\u0430\u0441 \u0427\u043e\u0431\u0430\u043d\u043e\u0432","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Atanas Tchobanov","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#article","isPartOf":{"@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html"},"author":{"name":"\u0410\u0442\u0430\u043d\u0430\u0441 \u0427\u043e\u0431\u0430\u043d\u043e\u0432","@id":"https:\/\/bivol.bg\/en#\/schema\/person\/96ae983c45d31588a3837e2eca41ae4f"},"headline":"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria","datePublished":"2020-01-14T10:42:48+00:00","dateModified":"2020-01-16T17:15:15+00:00","mainEntityOfPage":{"@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html"},"wordCount":1331,"image":{"@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#primaryimage"},"thumbnailUrl":"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg","keywords":["Cyberattacks","Cybersecurity","DCLeaks","GRU","Hackers","Marconleaks","Mueller","NotPetya"],"articleSection":["Investigations","Leading"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html","url":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html","name":"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria - Bivol!","isPartOf":{"@id":"https:\/\/bivol.bg\/en#website"},"primaryImageOfPage":{"@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#primaryimage"},"image":{"@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#primaryimage"},"thumbnailUrl":"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg","datePublished":"2020-01-14T10:42:48+00:00","dateModified":"2020-01-16T17:15:15+00:00","author":{"@id":"https:\/\/bivol.bg\/en#\/schema\/person\/96ae983c45d31588a3837e2eca41ae4f"},"breadcrumb":{"@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#primaryimage","url":"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg","contentUrl":"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg","width":295,"height":171},{"@type":"BreadcrumbList","@id":"https:\/\/bivol.bg\/en\/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u041d\u0430\u0447\u0430\u043b\u043e","item":"https:\/\/bivol.bg\/en"},{"@type":"ListItem","position":2,"name":"GRU Attacks USA, France, Ukraine from Servers Linked to Bulgaria"}]},{"@type":"WebSite","@id":"https:\/\/bivol.bg\/en#website","url":"https:\/\/bivol.bg\/en","name":"Bivol!","description":" Mind the horns!","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bivol.bg\/en?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/bivol.bg\/en#\/schema\/person\/96ae983c45d31588a3837e2eca41ae4f","name":"\u0410\u0442\u0430\u043d\u0430\u0441 \u0427\u043e\u0431\u0430\u043d\u043e\u0432","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1628586a251f88639720d1ebeace8349bb04bc6baf25942ea3baa5e30711660c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1628586a251f88639720d1ebeace8349bb04bc6baf25942ea3baa5e30711660c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1628586a251f88639720d1ebeace8349bb04bc6baf25942ea3baa5e30711660c?s=96&d=mm&r=g","caption":"\u0410\u0442\u0430\u043d\u0430\u0441 \u0427\u043e\u0431\u0430\u043d\u043e\u0432"},"url":"https:\/\/bivol.bg\/en\/author\/atanas"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/bivol.bg\/wp-content\/uploads\/2017\/05\/russian-hackers.jpeg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/peFaG8-dfD","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":48939,"url":"https:\/\/bivol.bg\/en\/mueller-reports-secret-memos-mention-bulgarian-hackers-in-connection-with-investigation-into-russias-interference-in-2016-us-presidential-election.html","url_meta":{"origin":50941,"position":0},"title":"Mueller Report\u2019s Secret Memos Mention Bulgarian Hackers in Connection with Investigation into Russia’s Interference in 2016 US Presidential Election","author":"Atanas Tchobanov","date":"3 November 2019","format":false,"excerpt":"Trump\u2019s campaign had been seriously hunting Hillary Clinton\u2019s missing 33,000 emails, and according to his campaign manager Steve Bannon, \"hackers in Bulgaria might have them\". This emerges from the first installment of documents released by the US Justice Department and including all the materials from the former special counsel Robert\u2026","rel":"","context":"In "Comments"","block_context":{"text":"Comments","link":"https:\/\/bivol.bg\/en\/category\/comments-en"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/11\/bulgarian-hackers-clinton-emails.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/11\/bulgarian-hackers-clinton-emails.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/11\/bulgarian-hackers-clinton-emails.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/11\/bulgarian-hackers-clinton-emails.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/11\/bulgarian-hackers-clinton-emails.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":51633,"url":"https:\/\/bivol.bg\/en\/who-is-the-bulgarian-accomplice-in-arms-manufacturers-poisoning.html","url_meta":{"origin":50941,"position":1},"title":"Who Is the Bulgarian Accomplice in Arms Manufacturer\u2019s Poisoning?","author":"Atanas Tchobanov","date":"25 January 2020","format":false,"excerpt":"\u201cIt is important to clarify the forgery contained in official correspondence by the Ministry of Foreign Affairs of Bulgaria, part of which is diplomatic note KO 194-45-1\/April 30, 2015 and other documents coinciding with the dates surrounding the crime.\u201d The arms manufacturing company Emco of businessman Emiliyan Gebrev made this\u2026","rel":"","context":"In "Comments"","block_context":{"text":"Comments","link":"https:\/\/bivol.bg\/en\/category\/comments-en"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/01\/transmobile-gebrev.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/01\/transmobile-gebrev.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/01\/transmobile-gebrev.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/01\/transmobile-gebrev.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/01\/transmobile-gebrev.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":38154,"url":"https:\/\/bivol.bg\/en\/bulgaria-shelters-ex-lukoil-boss-wanted-by-ukrainian-anticorruption-prosecutors-office.html","url_meta":{"origin":50941,"position":2},"title":"Bulgaria Shelters Ex-Lukoil Boss Wanted by Ukraine’s Anticorruption Prosecutors","author":"\u0415\u043a\u0438\u043f \u043d\u0430 \u0411\u0438\u0432\u043e\u043b\u044a","date":"6 February 2018","format":false,"excerpt":"Alexei Belenky is wanted by Interpol in order to face charges for misuse of public procurement in the amount of millions of euros from tenders of the Ukrainian railways. He is sought by the Ukrainian Anticorruption Prosecutor's Office, which is investigating the case because of involvement of politically exposed persons.\u2026","rel":"","context":"In "Investigations"","block_context":{"text":"Investigations","link":"https:\/\/bivol.bg\/en\/category\/investigations-en"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2018\/02\/bilenky.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2018\/02\/bilenky.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2018\/02\/bilenky.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":53096,"url":"https:\/\/bivol.bg\/en\/corrupt-ukrainian-prosecutor-lives-life-of-luxury-in-bulgaria.html","url_meta":{"origin":50941,"position":3},"title":"Corrupt Ukrainian Prosecutor Lives Life of Luxury in Bulgaria","author":"\u041d\u0438\u043a\u043e\u043b\u0430\u0439 \u041c\u0430\u0440\u0447\u0435\u043d\u043a\u043e","date":"10 March 2020","format":false,"excerpt":"The family of one of Ukraine's most corrupt young prosecutors, the former Kyiv District Prosecutor Sergey Nechiporenko, caught red-handed with a USD 150,000 bribe, owns at least three luxury properties in Bulgaria. This is revealed by an investigation by the Ukrainian office of Radio Free Europe (RFE) - Radio Liberty\u2026","rel":"","context":"In "Investigations"","block_context":{"text":"Investigations","link":"https:\/\/bivol.bg\/en\/category\/investigations-en"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/03\/EF7CF235-BDC1-41DE-B9CE-2A3D49FBB0C2_w1023_r1_s.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/03\/EF7CF235-BDC1-41DE-B9CE-2A3D49FBB0C2_w1023_r1_s.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/03\/EF7CF235-BDC1-41DE-B9CE-2A3D49FBB0C2_w1023_r1_s.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2020\/03\/EF7CF235-BDC1-41DE-B9CE-2A3D49FBB0C2_w1023_r1_s.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":29259,"url":"https:\/\/bivol.bg\/en\/bulgarian-state-unconcerned-about-break-in-council-of-ministers-database.html","url_meta":{"origin":50941,"position":4},"title":"Bulgarian State Unconcerned about Break in Council of Ministers Database","author":"\u0411\u0438\u0432\u043e\u043b\u044a","date":"19 January 2016","format":false,"excerpt":"For over a month now, State institutions are not paying any attention to the break in the Council of Ministers database, while hackers drain social security numbers, phone numbers and email addresses of people with high positions of power, officials from the European institutions, senior officials from the National Security\u2026","rel":"","context":"In "Investigations"","block_context":{"text":"Investigations","link":"https:\/\/bivol.bg\/en\/category\/investigations-en"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2016\/01\/msleak3.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2016\/01\/msleak3.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2016\/01\/msleak3.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2016\/01\/msleak3.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2016\/01\/msleak3.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2016\/01\/msleak3.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":48484,"url":"https:\/\/bivol.bg\/en\/nouvelobs-tchobanov.html","url_meta":{"origin":50941,"position":5},"title":"Atanas Tchobanov – the Journalist Who Rattles Bulgarian Authorities","author":"\u0415\u043a\u0438\u043f \u043d\u0430 \u0411\u0438\u0432\u043e\u043b\u044a","date":"17 September 2019","format":false,"excerpt":"With their revelations about corruption in Bulgaria, Atanas Tchobanov and his site Bivol (\"the Buffalo\") get in the way. To the point that the Bulgarian Prosecutor's Office has asked the French judicial system to investigate the former political refugee residing in France. By Jean-Baptiste Naudet, Nouvel Observateur, published on September\u2026","rel":"","context":"In "Analysis"","block_context":{"text":"Analysis","link":"https:\/\/bivol.bg\/en\/category\/analysis-en"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/09\/nouvel-obs-tchobanov.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/09\/nouvel-obs-tchobanov.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/09\/nouvel-obs-tchobanov.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/bivol.bg\/wp-content\/uploads\/2019\/09\/nouvel-obs-tchobanov.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/posts\/50941","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/users\/16850"}],"replies":[{"embeddable":true,"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/comments?post=50941"}],"version-history":[{"count":0,"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/posts\/50941\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/media\/33789"}],"wp:attachment":[{"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/media?parent=50941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/categories?post=50941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bivol.bg\/en\/wp-json\/wp\/v2\/tags?post=50941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}