Romania’s election systems were targeted by over 85,000 cyberattacks, according to a declassified report from the Romanian Intelligence Service (SRI). These attacks, originating from 33 countries, occurred between November 19 and November 25, with the most significant incident occurring just before the first round of the presidential elections. The attackers focused on the IT infrastructure of the country’s Permanent Electoral Authority (AEP), particularly a server linked to voter registration and electoral mapping systems. Through this breach, the attackers obtained login credentials for multiple election-related websites and leaked them on a Russian cybercrime forum, including credentials for the Central Election Bureau and voter registration platforms.
The cyberattackers utilized SQL injection and cross-site scripting (XSS) vulnerabilities to target the systems, aiming to alter election data, disrupt operations, or deny access to critical systems. While the specific identity of the threat actor remains unconfirmed, SRI suspects that a state-sponsored actor was behind the attack, citing the scale and sophistication of the operation. The Romanian authorities have warned that the country’s election infrastructure still contains vulnerabilities that could potentially allow attackers to maintain persistent access and move laterally across the network.
Alongside the cyberattacks, a significant influence campaign was launched to sway public opinion in favor of a particular presidential candidate. More than 100 Romanian TikTok influencers with a combined following of over 8 million were reportedly manipulated into spreading content promoting the candidate Calin Georgescu. The influencers received payments ranging from $100 for 20,000 followers to distribute videos that included pro-Georgescu hashtags and messages. The campaign peaked in visibility just days before the election, with the influencers’ posts gaining hundreds of millions of views.
While SRI has not definitively linked these attacks or the influence campaign to Russia, the Romanian Foreign Intelligence Service (SIE) points to Russia’s history of interfering with elections in neighboring countries. Russia’s possible motives are believed to stem from its ongoing tensions with Romania, especially considering Romania’s role in NATO’s eastern defense flank. The report underscores Romania’s vulnerability to cyberattacks and influence operations, stressing the need for heightened vigilance in securing democratic processes from foreign interference.
Reference:
