Hacker Attacks Ukraine From Sofia Takes Bulgarian ‘Golden Passport’

A Bulgarian company has attacked and downloaded the website of the Ministry of Defense of Ukraine to demonstrate the capabilities of its system for cyberattacks to a head of the Russian services. This happened in Sofia. On February 5, 2015, the attack was a crime under the Bulgarian Penal Code. In 2015, these actions became known to the Bulgarian services, but they did nothing, on the contrary. Four years later, DANS approved the application for Bulgarian citizenship of the company’s co-owner Yuri Gushin, a Soviet-born hacker with Israeli citizenship who acquired a Bulgarian “golden passport” in 2020.

“We are overthrowing the Ministry of Defense of Ukraine…”

In 2015, the Russian independent news site Medusa told a shocking story about a cyber attack conducted by Sofia. The head of communications at the Russian state corporation Rostec, Vasily Brovko , arrives in Sofia for a meeting with the company Packets Technologies. The purpose of his visit is to evaluate and purchase innovative technology for DDOS attacks.

Packets Technologies demonstrated its technology on February 5, 2015 from its offices in Sofia. Two targets abroad were attacked and disabled: the website of the Ukrainian Ministry of Defense and the site slon.ru, an independent Internet resource that publishes critical of the authorities materials.

The slon.ru confirmed to Medusa that the site was the subject of a successful DDOS attack at the exact time when the demonstration of the cyber weapon from Sofia was carried out.

Witness to what happened is the Russian IT expert Alexander Vyara, who accompanied Brovko to Sofia to assess the qualities of the system. He found that the attacked sites had been successfully taken down and discussed technical details with Packets specialists. Brovko was interested in the cost of this cyber weapon, which was about $ 1 million. Subsequently, Brovko tried to recruit Vyara to work for the Russian services, but he refused and emigrated to Finland, where he sought political asylum.

After the publication of Medusa the Bulgarian investigative site Bivol It was founded in March 2014 by three shareholders with equal shares: Bulgarian Alex Behar, Israeli Yuri Gushin and Israeli-born Aviv Podé, who also holds a Lithuanian passport. In addition to being a shareholder, Gushin is also the company’s executive director.

DDOS attacks from Sofia against a foreign country are crimes under the Bulgarian Penal Code. Bivol notified the Computer Crime Department at the General Directorate for Combatting Organized Crime (GDBOP) and its then boss, Yavor Kolev , promised a probe.

There was obviously no probe, as Yuri Gushin subsequently acquired expensive properties in Sofia and unhindered received Bulgarian citizenship under the investor procedure.

From defense to attack. Who is Yuri Gushin?

From public sources, it is understood that the born in 1985 in the former USSR, Yuri Leonidovich Gushin is a self-taught information security specialist, with expertise in new and emerging technologies, security architecture and network protocols. He worked for the company Radware, which deals with protection against DDOS attacks. Together with his colleague Behar, he participated in hacker conferences where he demonstrated the theoretical and practical aspects of network attacks and protection from them.

As Gushin’s career has shown, cyber attack protection technologies can easily be converted into offensive cyberweapons and make good money. This is exactly what his company “Paquets Technologies” did, even demonstrating to Russian top cops how to make an attack on Ukraine from “NATO” Sofia. As evidenced by the annual financial statements of the company in the Daxi system, in the period 2015 – 2019, it regularly earns over a million leva from sales.

At the end of 2017, Yuri Gushin invested in real estate, paying BGN 2,230,800 for a house of 307 sq.m. total built-up area, 660 sq.m. yard and garage in “Residential Park” in Sofia, shows a check in the Property Register. The seller of the expensive property is the company KID 2227 EOOD, sole ownership of NACE.BG 2225 EOOD

, which in turn is the sole property of Petar Kurumbashev

, former MP from BSP in the 41st and 42nd National Assembly, former MEP and since March 2020 Honorary Consul of Malaysia in Bulgaria. The deal was implemented in the first year of Kurumbashev’s inauguration as a member of the European Parliament.

Gushin became Bulgarian with Presidential Decree 115 of 17.07.2020 under file number 6553/2019. Currently, he does not own shares and does not manage companies in Bulgaria, but he has a Bulgarian and European passport.

Deal with an offshore company of the state of Qatar

Probably to clear its reputation after being highlighted in the media, Packets Technologies was renamed in 2016. of Vitosha Labs. After that, the ownership was transferred to an offshore company, and finally the company was re-registered with another UIC number. This happens in several stages.

In May 2017, Alex Behar transferred his shares to the other two shareholders. At the end of November 2018, Yuri Gushin and Aviv Pode endorsed their shares in B.Tech Limited – an offshore from the British Virgin Islands. The change in ownership was registered on 17.12.2018 in the Commercial Register and thus the offshore company became the sole owner of the shares of Vitosha Labs EAD.

In 2019, when companies are obliged to declare their beneficial owners, it is understood who is behind Vitosha Labs EAD. The declaration filed in the Trade Register shows that this is the Qatari Black Oryx QSTP-LLC. In turn, it is owned by Barzan Holdings QSTP-LLC, whose sole owner is… Qatar’s Ministry of Defense.

In mid-December 2019, Vitosha Labs EAD, UIC 202998553, was deleted and Vitosha Labs became the successor

EOOD, UIC 205941543, sole ownership of the same offshore B.Tech Limited. The beneficial owner of the account of this company has not been declared and the company is formally in violation, although the relationship with the beneficial owner is found in the documents of the closed company.

The new Vitosha Labs maintains activity and last year had 8 employees, according to a check in the NSSI. The company’s website says that it specializes in software optimization and automation and information security. BRRD tried to contact the company on the phone left during the registration of the vitosha-labs.bg domain, but it turned out to be inactive. We did not receive any feedback on the inquiry made to the company’s email.

At the beginning of the month, Mediapool revealed in an investigation that a total of 96 foreigners had received the so-called. “golden passports” against investments in Bulgarian government securities or bank deposits. Most of them are Russians.

The BRRD has data on those who have received “golden passports” as investors and makes a journalistic study of their relations with business and politics. In the previous articles of the series we informed about the golden passport of Roman Savushkin, obtained when he was General Director of the United Wagon Company, a structure-defining enterprise in Russia. We also revealed the golden passports of Russian top bankers

Dmitry Kushaev – director of Credit Suisse Moscow, Roman Nagaev – former director of investment banking at the Russian bank VTB Capital, and Igor Finogenov – former director of the Eurasian Development Bank and close to power in Russia.

***

За да научавате преди всички за нови разследвания, инсталирайте си нашето мобилно приложение:

Щом сте стигнали дотук, вероятно вече си задавате въпроса как се финансира този журналистически проект.

Отговорът е: Финансира се от журналистическо чекмедже, в което читателите оставят по нещо, ако им е харесало съдържанието.

Чекирайте се и Вие!

При възможност, станете наш редовен спомоществовател с опцията Чекирай Редовно. Това ни помага да предвиждаме бъдещи разходи и да планираме дейността си за месеци напред.