site.btaState Agency for National Security 2024 Report: Stable Banks, Euro-Ready, Cyber and EPPO Threats Climb

Bulgaria’s financial system remained stable in 2024, the annual SANS report said on Tuesday. Euro adoption is a national priority; banks show solid capital adequacy, high liquidity and mostly euro-ready IT.

Tax-fraud and other offences blocked by SANS cost the budget over BGN 123 million. The Financial Intelligence directorate received 3,771 suspicious-transaction reports, opened 1,296 operational and 1,466 analytic files, and froze 52 transactions worth EUR 4.45 million.

EU-grant absorption, including Recovery Plan funds, is slowed by contract delays and project issues. SANS registered 87 investigations, including EPPO cases, on financial-security offences.

Energy security

EPPO opened an inquiry into alleged EU-fund misuse for a cyber-attack storage system at a major energy firm. Additional cases concern equipment at a key facility, chronic technical issues at a main power plant, petroleum-trade tax offences, irregular EU funding for public-building energy efficiency, falsified tender documents for a gas-sector firm and unlawful actions by a senior energy-enterprise officer.

 Terrorism and migration

The terrorist threat stayed low (level 3). Risks stem from infiltration via migration and radicalisation through jihadist propaganda. The Counter-Terrorism Centre handled 147 alerts; 12 foreigners were denied entry, 36 received compulsory measures and 144 were added to the unwelcome-foreigners list. Migration is used as a hybrid pressure tool; disinformation targets Bulgaria over alleged rights violations. Eight foreigners tied to illegal migration faced measures; 54 people joined the undesired-foreigners database for migrant-trafficking risks, and residence was revoked for six Russian Blue-Card holders and five relatives.

Counteracting misuse in the management of European Union funds

In February a joint operation with the Interior Ministry targeted unauthorised draws from the European Agricultural Fund that bypassed aid caps; evidence was sent to the EPPO. In September EPPO raids in Sofia, Yambol (Southeastern Bulgaria), Plovdiv (South Central Bulgaria) and Yablanitsa (North Central Bulgaria) probed suspected abuse of Innovation and Competitiveness funds; documents and items were seized, witnesses questioned. Five further EPPO proceedings address fictitious entrepreneurship projects under the same programme.

Foreign intelligence and security services

Foreign intelligence activity remained high, aiming to sway policy and create dependencies. SANS disrupted 29 operatives: 19 foreign nationals linked to Russian services and one Bulgarian suspected of spying for Russia.

Cybersecurity and communications

Disruptive cyber-operations rose, targeting public administration, transport, finance, communications, energy, health, education and defence. Principal threats come from actors linked to Russia, China, DPRK and Iran, who also exploit large-language models to shape opinion and spread disinformation. System-blocking and data-theft attacks are now prevalent. Persistent vulnerabilities reflect limited resources, staff shortages and inadequate security policies. Bulgarian Posts’ financial performance declined, and courier-company procedures showed security gaps for prohibited goods.

Protection of Classified Information

SANS revoked 12 classified-information access permits and issued 19 refusals under the Classified Information Protection Act in 2024.