New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Bulgarian Database Made Available on Hacking Forums

Instakilla (Bulgaria): A user going by the name Instakilla has placed download links of the Bulgarian National Revenue Agency online. Instakiller, who is beloved to be from Bulgaria, has a reputation of trading databases and sharing them on various hacking forums. The data that was shared has been verified, but it is the same data that was shared with media outlets last week and only contained half of the overall stolen data. Instakilla stated that because of a “goof” from the media, he was able to obtain the information himself. One of the news outlets displayed the link where they had the data, and once the link was found, Instakilla used his friends on the various hacking forums to crack the password-protected files, revealing the information that had been shared with the media before. Instakilla did not feel he was responsible for anything, and said, “I’m not the original hacker, I do not feel accountable for anything,” when he was asked if he feared he would be detained by Bulgaria as part of the attack.

Analyst Notes

There has been no response from the Bulgarian authorities about Instakilla sharing the data publicly, nor has a statement been released about any new contact that has been made with the original attacker that shared the information with the media and taunted Bulgarian authorities.