Cyberattack on Romanian governmental institutions on a large scale on Friday, April 29. The Romanian Government’s, Ministry of National Defense’s, Romanian Railways (CFR), and Border Police’s websites were targeted.
Access to the sites gov.ro, mapn.ro, and politiadefrontiera.ro, and cfrcalatori.ro were disrupted by a series of distributed denial-of-service (DDOS) attacks on Friday, April 29.
Killnet, the Russian cyber hacker’s group, claims the attack on the Romanian Institutes’ websites. Killnet threatened to conduct cyber operations against countries and organizations providing material support to Ukraine. Romania was one of the countries targeted after the Romanian government officials mentioned the possibility of helping Ukraine in the conflict with Russia by sending weaponry.
According to the Cybersecurity Infrastructure Security Agency, Russian state-sponsored cyber actors have demonstrated their ability to compromise IT networks, develop mechanisms to maintain long-term, persistent access to IT networks, exfiltrate sensitive data from IT and operational technology (OT) networks, and disrupt critical industrial control systems (ICS)/OT functions through the use of destructive malware.
Romanian Government IT specialists work with experts from specialized organizations to restore access and pinpoint the source of the problem. Meanwhile, the Romanian Government website (gov.ro) has been restored, but the other institutional sites are still not accessible.
Romanian Intelligence Service communicated on the subject
The Romanian Intelligence Service – SRI issued a press release on the subject:
On April 29, 2022, starting with 04:00, a series of sites belonging to national authorities, respectively financial-banking institutions were the victims of a cyber attack of the Distributed-Denial-of-Service (DDoS) type. The attack caused the sites to be unavailable for several hours.
Following the investigations carried out by the CYBERINT National Center within the Romanian Intelligence Service, it was established that the cyber attackers used network equipment from outside Romania. The attackers took control of the equipment in question by exploiting cyber security vulnerabilities, respectively the lack of cyber security measures, and used them as a vector of attack on sites in Romania.
The cyberattack was claimed by the pro-Russian Eastern KILLNET group, which specializes in DDoS attacks. Also this month, the KILLNET group launched DDoS attacks on the sites of institutions in states such as the USA, Estonia, Poland, and the Czech Republic, but also on NATO sites.
The responsibility for ensuring the primary cyber security of the affected infrastructures does not belong to the Romanian Intelligence Service. However, given the scale of the attacks with an impact on national security, the CYBERINT National Center within the Romanian Intelligence Service is actively cooperating with the entities responsible for investigating cyber attacks and remedying their effects.
We specify that the affected sites are not part of the National System for the Protection of IT&C Infrastructures of national interest against threats from cyberspace (ȚIȚEICA) managed by the Romanian Intelligence Service through the National Center CYBERINT.