A 21-year-old Bulgarian who allegedly called himself “Emil Külev” online has been arrested by Sofia police.
An announcement from the Prosecutor’s Office of the Republic of Bulgaria stated that they had charged and detained Teodor Iliev for up to 72 hours in connection with a number of computer crimes.
Between March 2020 and January 2024, Iliev allegedly illegally accessed the information systems of dozens of state institutions, commercial banks, insurance companies, and other legal entities.
In July 2023, a forum user on BreachForums calling themself “MAGADANS” leaked what they claimed was the database of LEV INS, the largest insurance firm in Bulgaria. At the time, the firm was owned by Alexei Petrov, who would be assassinated the following month.
“It’s funny how fast destiny reaches people who make unsuccessful assassination and kidnapping attempts,” MAGADANS wrote. Without being more specific, the post concluded with the message:
#МълчаниетоСвърши
#НиеСмеСилата
#ВъзмездиетоИдва
Translation :
[#TheSilenceEnds
#WeAreThePower
#Retribution is Coming]
Less than 48 hours later, another new forum user doxed “MAGADANS.” DataBreaches does not know whether all the details are correct, but it identified “Emil Kulev” aka “MAGADANS” as Teodor Vanev Iliev. Redactions in the dox below are by DataBreaches:
Emil Kulev (Емил Кюлев) aka MAGADANS – Теодор Ванев Илиев (Teodor Vanev Iliev)
Телефон(phone): +[redacted]
ЕГН(ID): redacted]
Дата на раждане 07.02.2003 година.(Date of birth 02.07.2003)
Адрес(Address): [redacted]Очаквайте още информация за 19 годишният “хакер”.
Expect more information about this 19 years old hacker boy. Smilehttps://i.ibb.co/FWtQcLD/3.jpg
https://i.ibb.co/pX8YVvr/2.jpg
https://i.ibb.co/MBbYDY3/1.jpg
 |
 |
 |
Apart from Magadans, Külev was associated with a so-called State Agency for Digital Peace.
In September 2023, Questona provided more background on Külev’s background and activities, pointing out the similarities between Külev’s methods and a then-new Bulgarian group, RansomedVC. RansomedVC did confirm that they were affiliated with Magadans.
From a translation of the Sofia Prosecutor’s statement about the arrest of Iliev:
The Sofia City Prosecutor’s Office charged and detained for up to 72 hours Teodor Iliev, 21, in connection with repeated illegal actions (computer crimes) – unauthorized access to information systems of dozens of state institutions, commercial banks, insurance companies and other legal entities , copying and using the relevant data from the information arrays, etc. It was established that the unauthorized access to the databases was carried out in the period from March 2020 to January 2024.
On 28.06.2024, according to pre trial proceedings conducted under the supervision of the SGP, investigators from the “Cyber Crimes” Department of the National Investigation Service, together with employees of the Main Directorate “Combating Organized Crime” – Ministry of Internal Affairs, took actions on the investigation – searches and seizures, where more than 20 addresses on the territory of the country were checked. In the course of the operation, Teodor III., presenting himself in the online space with the pseudonym “Emil Külev”, was found and detained. In the course of the operation, computer equipment was seized, including a personal laptop, which the detainee tried to destroy.
According to Theodore III. charges have been brought under Art. 319a, para. 1; 319b, para. 2, as well as under Art. 216, para. 3 of the Criminal Code.
The assignment of expertise on the seized equipment is pending, Witness interviews were conducted. Actions to investigate the criminal activity of continue.
A prosecutor from the SGP will ask the Sofia City Court to impose a remand measure “detention in custody”.
As of publication, Iliev is still being detained.
“Acted Alone”
Cybersecurity expert Yavor Kolev has been quoted in Bulgarian media as saying he knows the hacker Emil Külev and that he acted alone:
“I know him, he acted alone. After the speculations that he broke into the database of the Lev Ins insurance company, he hid abroad and was out of Bulgaria for a long time. Now that he’s back, our authorities have detained him. When you are in such a criminal business, you exchange a lot of experience and skills with your colleagues and partners. He has no special education. As far as I know, he is absolutely self-taught”, said Yavor Kolev.
Update of June 30: Iliev has been denied bond and remains in custody.
His scams will be missed.
There were some rumors that Emil Kyulev and Impotent/KmetanaEvropa are the same person. Assuming Impotent didn’t lie in the interview you published last year, he would be much older than Kyulev.
I was criticized after publishing my interview with Impotent. A lot of people thought I just naively published a lot of lies and that he was larping. There was much more truth in his interview than most people knew or know even now. He may be a scammer or fraudster at times, but he is not a skid, and he is much older than Iliev.
As to the “Emil Kyulev” moniker, a number of people may have used that moniker. And if they did, whether they were working with Iliev or just decided to use the moniker is unknown at this time. I thought Iliev’s lawyer raised a fair point — that the prosecution needs to have more than just the fact that some anonymous person or persons doxxed Kyulev as Iliev.