A Bulgarian company launched a successful DDOS attack against the website of the Ministry of Defense of Ukraine and brought it down to demonstrate the capabilities of its cyber-attack system to a head of the Russian intelligence services. This happened in Sofia on February 5, 2015. The attack is a crime under the Bulgarian Penal Code. In 2015, these actions became known to the Bulgarian services, but they did nothing, on the contrary. Four years later, the National Security Agency (DANS) approved the application for Bulgarian citizenship of the co-owner of the company Yuri Gushin, a Soviet-born hacker with Israeli citizenship, who in 2020 acquired a Bulgarian “golden passport”.
“We are bringing down the Ministry of Defense of Ukraine…”
In 2015, the independent Russian news site Medusa told a shocking story about a cyber-attack carried out in Sofia. Vasily Brovko, head of communication services at Russia’s Rostech state corporation, had arrived in Sofia to meet with Packets Technologies. The purpose of his visit had been to evaluate and purchase innovative technology for DDOS attacks.
Packets Technologies had demonstrated its technology on February 5, 2015 from its offices in Sofia. Two targets abroad had been attacked and temporarily shut down: the website of the Ukrainian Ministry of Defense and the website slon.ru, an independent Internet resource that publishes materials critical of the government.
Slon.ru has confirmed for Medusa that the site has been the subject of a successful DDOS attack just at the time when the demonstration of cyber technology from Sofia took place.
The Russian IT expert Alexander Vyara, who accompanied Brovko in Sofia to assess the qualities of the system, is a witness of the attack. He found that the attacked sites had been successfully removed and discussed technical details with Packets specialists. Brovko had been interested in the price of this cyber weapon, which had been in the order of USD 1 million. Brovko later had tried to recruit Vyara to work for the Russian services, but he had refused and had emigrated to Finland, where he sought political asylum.
After the publication of Medusa, the Bulgarian investigative news site Bivol found out that the technology owner was the Bulgarian company Packets Technologies. It was founded in March 2014 by three shareholders with equal shares: the Bulgarian Alex Behar , the Israeli Yuri Gushin and the Israeli-born Aviv Pode, who also has a Lithuanian passport. Apart from being a shareholder, Gushin is also the executive director of the company.
DDOS attacks from Sofia against a foreign country are crimes under the Bulgarian Penal Code. Bivol informed the Computer Crimes Department of the General Directorate for Combating Organized Crime and its then-chief Yavor Kolev promised a probe.
There was obviously no probe, as Yuri Gushin subsequently acquired expensive properties in Sofia and freely obtained Bulgarian citizenship under the investor procedure.
From defense to attack. Who is Yuri Gushin?
It is understood from public sources that Yuri Leonidovich Gushin, born in 1985 in the former USSR, is a self-taught information security specialist, with an expertise in new and emerging technologies, security architecture and network and application protocols. He has worked for the company Radware, which deals with protection against DDOS attacks. Together with his colleague Behar, he has participated in hacking conferences, where he has demonstrated the theoretical and practical aspects of network attacks and protection against them.

As Gushin’s career proves, cyber-attack technologies can easily be converted into aggressive cyber-weapons and make good money. This is exactly what his company Packets Technologies did, and even demonstrated from NATO-member Bulgaria an attack against Ukraine to Russian “top cops”. As can be seen from the annual financial statements of the company in the Daxi system, between 2015 and 2019 it regularly earned over BGN 1 million from sales.
At the end of 2017, Yuri Gushin invested in real estate, paying BGN 2,230,800 for a house with 307 square-meter total built-up area, a 660 square-meter yard and garage in the “Residential Park” in the Bulgarian capital Sofia, according to a reference in the Property Register. The seller of the expensive property is the company KID 2227 EOOD, sole property of KID 2225 EOOD, which is the sole property of Petar Kurumbashev, former lawmaker from the Bulgarian Socialist Party in the 41st and the 42nd National Assembly, former MEP and since March 2020 Honorary Consul of Malaysia in Bulgaria. The deal materialized in the first year of Kurumbashev’s accession to the European Parliament.
Gushin became a Bulgarian citizen with Presidential Decree 115 of June 17,2020, file number 6553/2019. At the moment he does not own shares and does not manage companies in Bulgaria, but he has a Bulgarian and respectively a European passport.
Offshore deal with Qatar
Most likely to clean its reputation after receiving media coverage, Packets Technologies was renamed Vitosha Labs in 2016. Then the ownership was transferred to an offshore company, and finally the company was re-registered with another Unified Identification Code (UIC). This happened in several stages.
In May 2017, Alex Behar transferred his shares to the other two shareholders. At the end of November 2018, Yuri Gushin and Aviv Pode endorsed their shares in B.Tech Limited, an offshore company from the British Virgin Islands. The change of ownership was entered on December 17, 2018 in the Commercial Register and thus the offshore company became the sole owner of the shares of Vitosha Labs.
Who is behind Vitosha Labs emerged in 2019, when the companies were mandated to declare their real owners. The declaration submitted to the Commercial Register shows that this is the Qatari Black Oryx QSTP-LLC. It is in turn owned by Barzan Holdings QSTP-LLC, whose sole owner is the Ministry of Defense of Qatar.
In mid-December 2019, Vitosha Labs, UIC 202998553, was deleted and its successor became Vitosha Labs, UIC 205941543, sole property of the same offshore company B.Tech Limited. The beneficial owner of the account of this company has not been declared and the company is formally in breach of the law, although the relationship with the beneficial owner is found in the documents of the closed company.
The new Vitosha Labs remains active and last year had eight employees, according to a check in the National Social Security Institute. The company’s website states that it specializes in software optimization, automation activities and information security. BIRD made an attempt to contact the company on the phone left during the registration of the domain vitosha-labs.bg, but the number turned out to be inactive. We also did not receive answers to the questions sent to the company’s email.
BIRD has data on those who have received “golden passports” as investors and conducts journalistic research on their connections with business and politics. In previous articles in the series, we reported on the golden passport of Roman Savushkin, obtained when he was CEO of United Wagon Company, a strategically important enterprise in Russia. We also revealed the golden passports of top Russian bankers Dmitri Kushaev, Credit Suisse Head Russia, Roman Nagaev, Head of Investment, Credit & Project Finance at the Russian investment bank VTB Capital and Igor Finogenov, former Chairman of the Management Board of the Eurasian Development Bank and a person close to people in power in Russia.
***
За да научавате преди всички за нови разследвания, инсталирайте си нашето мобилно приложение:
Щом сте стигнали дотук, вероятно вече си задавате въпроса как се финансира този журналистически проект.
Отговорът е: Финансира се от журналистическо чекмедже, в което читателите оставят по нещо, ако им е харесало съдържанието.
Чекирайте се и Вие!
При възможност, станете наш редовен спомоществовател с опцията Чекирай Редовно. Това ни помага да предвиждаме бъдещи разходи и да планираме дейността си за месеци напред.
БРРД Eднократно 2023 / BIRD One time 2023
БРРД Ежемесечно / BIRD Monthly
BTC: bc1q8asgyunzwue3esm7p6nj8yv7umcppssktjv6e7
Dimitar Ivanov
Anonymous
Anonymous
Teodor Nichev
Vasil Stoev
Емил Атанасов
Джая Рама!!!
Anonymous
Nadezhda Kachoukeeva
Anonymous
Anonymous
Slavi Studenkov
Лозан Георгиев
This post is also available in:
Български (Bulgarian)