Romania's election systems under tens of thousands of cyberattacks
Learn More
A declassified report from Romania's Intelligence Service (SRI) has revealed a massive cyber campaign targeting the country's election infrastructure, combining both technical attacks and influence operations.
The primary cyberattack occurred on November 19, targeting the Permanent Electoral Authority (AEP)'s IT infrastructure. Over 85,000 cyberattacks were recorded through November 25, and originated from 33 different countries.
Initial compromise occurred through a mapping data server (gis.registrulelectoral.ro) that had connections to both public internet and AEP's internal network Attackers employed SQL injection and cross-site scripting (XSS) exploitation attempts
The following election-related websites were affected:
- bec.ro (Central Election Bureau)
- roaep.ro
- registrulelectoral.ro (voter registration)
The threat actors aimed to gain unauthorized access to election infrastructure, compromise system integrity, alter public election information and conduct denial of service attacks.
Alongside the technical attacks, a coordinated influence operation was detected, involving over 100 Romanian TikTok influencers with 8+ million followers. The influencers received amounts starting from $100 for 20,000 followers, to distribute videos with hashtags describing Georgescu’s presidential profile.
The campaign promoted presidential candidate Calin Georgescu, and 25,000 TikTok accounts became highly active, including approximately 800 dormant accounts from 2016 suddenly activated on November 11
While direct attribution was not made, SRI indicated the sophistication and resource requirements suggest state-actor involvement. The Romanian Foreign Intelligence Service (SIE) noted that Russia views Romania as an adversary due to its NATO membership and position on the alliance's eastern flank.
SRI warns that vulnerabilities still exist in Romania's election infrastructure that could enable lateral movement and persistent access by threat actors.
