MOSHED-2022-4-29-15-38-10

Romanian government says websites attacked by pro-Russian group

Romania’s national cybersecurity response team and intelligence agency said several websites connected to government agencies and a bank were hit with distributed denial-of-service attacks on Friday.

The National Directorate of Cyber ​​Security (DNSC) said in a statement that the websites for Romania’s government, ministry of defense, border police, national railway company were attacked by a group called “Killnet.” The website for OTP Bank was also attacked.

Both the DNSC and the Romanian Intelligence Service’s CYBERINT National Center said the Killnet group claimed credit for the incident on Telegram and said it launched the attack because Romania has supported Ukraine since Russia invaded the country earlier this year. 

The Romanian Intelligence Service explained that the sites were down for several hours after the attacks began around 4 am local time. 

“Following the investigations carried out by the CYBERINT National Center within the Romanian Intelligence Service, it was established that the cyberattackers used network equipment from outside Romania,” the Romanian Intelligence Service said in a statement. 

“The attackers took control of the equipment in question by exploiting cybersecurity vulnerabilities [and] the lack of cybersecurity measures and used them as a vector of attack on sites in Romania.”

The agency added that Killnet specializes in DDoS attacks and has previously attacked sites connected to the governments of the U.S., Estonia, Poland, the Czech Republic and other NATO members.

The DNSC said it plans to publish the list of IP addresses identified as being involved in the attack as both agencies work with the affected institutions to resolve issues caused by the attack.

The attack came just one day after leading Romanian politician Marcel Ciolacu said the country may deliver weapons and provide military assistance to Ukraine.

This week, Microsoft vice president Tom Burt said the company’s experts believe cyberattacks will continue to escalate as the war between Russia and Ukraine continues. 

“Russian nation-state threat actors may be tasked to expand their destructive actions outside of Ukraine to retaliate against those countries that decide to provide more military assistance to Ukraine and take more punitive measures against the Russian government in response to the continued aggression,” Burt said. 

“We’ve observed Russian-aligned actors active in Ukraine show interest in or conduct operations against organizations in the Baltics and Turkey – all NATO member states actively providing political, humanitarian or military support to Ukraine.”

Last month, Romania’s largest oil refinery proprietor, Rompetrol, was attacked by the Hive ransomware group.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.