Pierluigi Paganini December 07, 2024

Romania ‘s election systems suffered over 85,000 attacks, with leaked credentials posted on a Russian hacker forum before the presidential election.

Romania ‘s Intelligence Service revealed that over 85,000 cyberattacks targeted the country’s election systems.

Threat actors gained access to credentials for election-related websites, and then leaked them on Russian cybercrime forums a few days before the presidential election.

“The intelligence service also said access data for official Romanian election websites was published on Russian cyber crime platforms. The access data was probably procured by targeting legitimate users or by exploiting the legitimate training server, the agency said.” states Reuters. “It added that it had identified over 85,000 cyber attacks which aimed to exploit system vulnerabilities.”

Moscow has denied any attacks on the Romanian electoral systems.

“The attacks continued intensively including on election day and the night after elections,” the Romanian Intelligence reported in a declassified document. “The operating mode and the amplitude of the campaign leads us to conclude the attacker has considerable resources specific to an attacking state.”

Declassified documents from Romania’s security services revealed that Calin Georgescu, the pro-Russian presidential candidate, was “aggressively” promoted on TikTok through coordinated accounts and paid ads.

Calin Georgescu, initially polling in single digits before Romania’s Nov. 24 presidential election, surged to victory, raising suspicion

On December 6, 2024, Romania’s Constitutional Court, citing Article 146(f) of the Constitution, unanimously annulled the entire presidential election process due to concerns about fairness and legality. The annulment affects both the election date set by Government Decision no. 756/2024 and the implementation calendar approved by Government Decision no. 1061/2024. The Court ordered a complete restart of the electoral process, requiring the Government to set a new election date and a corresponding action plan. The decision is final, binding, and will be published in the Official Gazette.

Romania’s intelligence agency also warns that the country’s election systems are still vulnerable and threat actors could compromise them again.

Bleeping Computer revealed that threat actors carried out SQL injection and XSS attacks from over 33 countries. Another report exposes an influence campaign where over 100 Romanian TikTok influencers, with 8M+ followers, were paid to promote pro-Russian candidate Calin Georgescu, receiving $100+ for every 20,000 followers.

Romania’s Foreign Intelligence Service (SIE) believes Russia targeted the country as part of broader efforts to influence democratic elections in Eastern Europe. Moscow views Romania as an “enemy state” due to its support for NATO and Ukraine. These influence operations include propaganda, disinformation, and support for eurosceptic agendas, aiming to shape public opinion to Russia’s advantage. While Russia’s direct role in recent attacks and campaigns in Romania isn’t explicitly confirmed, the analysis highlights its history of election interference elsewhere.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Romania election)