Romania’s intelligence service in its declassified report disclosed the country’s election systems were hit by over 85,000 cyberattacks. Attackers have also stolen login credentials for election-related sites and posted the information on a Russian hacker forum just before the first presidential election round.
Data leaked on Russian site
The data was likely stolen from attacking authentic users and exploiting legitimate training servers. Russia has denied any involvement in Romania’s election campaign.
The Romanian Intelligence Service (SRI) said, “The attacks continued intensively including on election day and the night after elections. The operating mode and the amplitude of the campaign lead us to conclude the attacker has considerable resources specific to an attacking state."
About the attack
SRI says the IT infrastructure of Romania’s Permanent Electoral Authority (AEP) was targeted on 19th November. Threat actors disrupted a server containing mapping data (gis.registrulelectoral.ro) that was connected with the public web as well as AEP’s internal network.
After the attack, log in details of Romanian election websites- bec.ro (Central Election Bureau), roaep.ro, and registrulelectoral.ro (voter registration), were posted on a Russian cybercrime platform.
Motives for the attack
SRI believes the attacks 85,000 attacks lasted till November 25th, the motive was to gain access to election infrastructure and disrupt the systems to compromise election information for the public and restrict access to the systems. The declassified report mentions the attacker attempted to compromise the systems by exploiting SQL injection and cross-site scripting (XSS) flaws from devices in 33 countries.
Romanian agency has warned that bugs are still affecting the election infrastructure and could be abused to move within the network and build a presence.
SRI notes in the declassified report that the threat actor tried to breach the systems by exploiting SQL injection and cross-site scripting (XSS) vulnerabilities from devices in more than 33 countries.
Influence campaign on elections
SRI believes Russia orchestrated the attacks as a part of a larger plan to disrupt democratic elections in Eastern Europe. The agency says Moscow perceives Romania as an ‘enemy nation’ because the latter supports NATO and Ukraine. The influence campaign tactics include disinformation, propaganda, and supporting European agendas shaping public opinion.
Romania’s Foreign Intelligence Service (SIE) believes Russia targeted the country as part of broader efforts to influence democratic elections in Eastern Europe. Moscow views Romania as an “enemy state” due to its support for NATO and Ukraine. These influence operations include propaganda, disinformation, and support for eurosceptic agendas, aiming to shape public opinion favoring Russia.
While there is no concrete proof showing Russia’s direct involvement in Romanian elections, the declassified document suggests Russia’s history of election meddling in other places.
