Documents declassified by Romania’s top security council last Wednesday revealed that the country suffered over 85,000 cyber attacks leading up to and during the course of its most recent elections which resulted in credentials for election-related websites being leaked on Russian cybercrime forums a few days before the presidential election. The attacks were referred to as “aggressive hybrid Russian attacks” in the Security Council documents, alleging the involvement of the Russian State, which has denied any involvement.
The attacks aimed to exploit system vulnerabilities and were successful in procuring access data for official Romanian election websites. According to the declassified report, this was likely done by targeting legitimate users or by compromising the legitimate training server.
Declassified documents revealed that the hacker initially compromised a server with mapping data (gis.registrulelectoral.ro) which was exposed to the public web, eventually pivoting to other critical servers, carrying out SQL injection and XSS attacks from devices in more than 33 countries as part of this cyber-attack.
In parallel, according to another declassified report, an influencer campaign was being run as part of which over 100 Romanian TikTok influencers with more than 8 million followers combined were paid to promote pro-Russian presidential candidate Calin Georgescu, receiving $100 for every 20,000 followers.
Romania’s Foreign Intelligence Service (SIE) believes Russia targeted the country as part of broader efforts to influence democratic elections in Eastern Europe. This was believed to be Russian interference in the election and, as a result, Romania’s Constitutional Court unanimously annulled the entire presidential election due to concerns about fairness and legality. The court ordered a complete restart of the electoral process.
One of the declassified documents reported, “The attacks continued intensively including on election day and the night after elections, The operating mode and the amplitude of the campaign leads us to conclude the attacker has considerable resources specific to an attacking state.“
Romania’s intelligence agency has warned that the country’s election systems are still vulnerable and threat actors could compromise them again.
This Reuter’s Article provides more details from a political perspective.
For more news and analyses visit our homepage!