A declassified investigation revealed that Romania’s election systems had been the subject of at least 85,000 cyberattacks.
The threat actors orchestrating the cyberattacks allegedly acquired access credentials to election-related websites and leaked them on a Russian hacker forum less than a week before the first round of the presidential election.
These malicious campaigns forced the Romanian Intelligence Service (SRI) to state on November 19 that the Permanent Electoral Authority’s (AEP) IT infrastructure was the target of the hack.
The attackers gained control of a server containing mapping data that was connected to both the public web and the AEP’s internal network. Following this event, account credentials for Romanian election sites were exposed on a Russian cybercrime forum.
According to SRI, the attacker gained the logins by compromising legitimate users or exploiting vulnerabilities in the training system for voting section operators.
The cyberattacks on Romania’s election systems have caused massive concerns.
The Romanian intelligence agency said that the 85,000 attacks on Romania’s election systems continued until November 25, the night after the first presidential election round. The primary objective of the hack was to acquire access to and compromise election infrastructure, alter public election information, and deny access to systems.
In the declassified assessment, SRI adds that the threat actor attempted to compromise the systems by leveraging SQL injection and cross-site scripting (XSS) vulnerabilities on devices in over 33 countries.
The organisation also warns that Romania’s electoral infrastructure remains susceptible to other attacks, which might be leveraged to move laterally on the network and establish persistence.
The agency suspects that the methods and resources behind the cyberattacks could come from a state-sponsored cybercriminal group. However, SRI has yet to attribute these campaigns to any threat actor.
Furthermore, another declassified report describes an influence campaign aimed at the Romanian presidential election, in which over 100 Romanian TikTok influencers with over 8 million active followers were allegedly manipulated by threat actors to distribute election content promoting a presidential candidate.
The influencers were paid $100 for 20,000 followers to distribute videos with hashtags portraying the candidate’s presidential profile.
Romanians should be on the lookout for such misinformation and malicious operations, especially if they relate to a high-ranking government position. The public should be aware of these recent threats to remain safe from any unwanted cybercriminal activity.