- Romania has cancelled its presidential election as a result of a spate of cyberattacks
- The cyberattacks targeted electoral systems, with over 85,000 attacks in total
- The election will be re-run, likely with closer oversight over systems and social media
A recently declassified report [PDF] from Romania’s Intelligence Service (SRI) has revealed that the election’s infrastructure was targeted by over 85,000 cyberattacks over the run up to election day.
The primary concern from these attacks is the state-sponsored online influence campaign promoting the election of front-runner and Pro-Moscow candidate Călin Georgescu. Access credentials for election websites were stolen by threat actors and leaked on a Russian hacker forum, which is a worrying development given the volatility of the region’s political landscape.
The SRI confirmed that an attack on the IT infrastructure of the Romanian Permanent Electoral Authority (AEP) compromised a server which mapped data connected to the AEP’s network, which occurred on November 19th. In light of these developments, the election has since been cancelled by Romanian courts to allow for a re-run of the presidential election first round.
Significant breaches
Between the initial breach and November 25th, which was the end of the first round of Presidential elections, BleepingComputer reports that the 85,000 attacks were targeting the information systems which support the electoral process. Analysts have confirmed that the scale of the campaign would point to a state actor.
"Romania—along with other states on NATO's eastern flank—has become a priority for Russia's hostile actions; there is a growing interest in the Kremlin to influence (at least) the mood and agenda in Romanian society in the electoral context through propaganda and disinformation." the report confirms.
Romanian Prime Minister Marcel Ciolacu said that anulling the election was "the only correct decision," with the judges of the Constitutional Court citing the same report as a factor in its decision making.
It’s important to note that the SRI has not directly attributed these attacks to a specific threat actor, but geopolitical tensions do seem to suggest that they’re looking in a specific direction.
Russian cyber influence campaigns have been reported during the US election cycle, so there is precedent for similar incidents. Russia has denied any interference with Romanian elections.
Romania’s infrastructure is still being affected by vulnerabilities, the agency warned, and these could be exploited heading into the second round of the election.
More from TechRadar Pro
- Check out our list of the best endpoint protection software around
- Majority of US Congress members at risk of personal information being exposed
- Take a look at our best firewall software