Vivacom outage disrupts SMS parking and media services in Bulgaria

On September 22–23, 2025, Vivacom and Mainstream Bulgaria – subsidiaries of United Group – were hit by a malicious cyberattack carried out by external bad actors. The incident disrupted SMS parking systems in Sofia and Sliven and took the news site 24 Chasa offline for over 24 hours.

Facts

• Sofia: The Sofia Urban Mobility Center (CGM) confirmed SMS parking services were temporarily unavailable due to technical issues.

• Sliven: The municipality reported that number 1344 for SMS parking was down due to a Vivacom Cloud issue, directing citizens to alternative methods.

• Media: “24 Chasa” and other outlets from Media Group Bulgaria were inaccessible for more than a day. The newsroom cited a failed transfer device as the immediate cause.

• Official United Group statement: confirmed that on September 22, Vivacom and Mainstream Bulgaria were impacted by a malicious cyberattack. Thanks to swift containment measures supported by leading cybersecurity experts, the incident was largely contained. Some business services were affected, but Vivacom’s core mobile and fixed services remained fully operational.

• Regulator: The Communications Regulation Commission (CRC) has been notified and will review the case.

Impact

This case illustrates how cyberattacks against telecom and cloud providers can cascade into critical services:

• Urban mobility: SMS parking outages in Sofia and Sliven caused inconvenience for thousands of drivers.

• Media blackout: The temporary unavailability of “24 Chasa” and other outlets limited access to timely information.

• Business disruption: Some corporate clients experienced technical issues with Vivacom services.

• Public trust: Initial lack of clarity about the cause highlighted the importance of transparent communication.

Update – September 24, 2025

• United Group officially confirmed the incident was a malicious cyberattack.

• Containment was achieved with support from external cybersecurity specialists.

• Service restoration remains a top priority.

• Authorities and regulators have been notified, and a full investigation is underway.

DIAMATIX Expert Perspective

This incident proves that even major telecoms and cloud providers are not immune to cyberattacks. Infrastructure vulnerabilities can lead to widespread disruption of critical urban and business services.

Our recommendations:

• Resilience by design: build redundancy and disaster recovery into core architectures.

• Proactive monitoring: continuous detection and threat hunting.

• Diversification: avoid over-reliance on a single provider for mission-critical services.

• Cyber hygiene and transparency: provide clear, timely communication during incidents.

At DIAMATIX, we believe resilience against cyberattacks is not optional — it is essential.

Trusted · Innovative · Vigilant.