The cyber-attacks this morning against websites of Romanian public bodies and private organisations have been claimed by the Pro-Russia cybercrime group Killnet and justified by them by the fact that Romania supports Ukraine in the military conflict with Russia, according to Romania’s National Cybersecurity Directorate (DNSC).
“Today, a series of Distributed Denial of Service (DDoS) attacks took place on sites belonging to Romania’s public bodies and private entities. The sites gov.ro, mapn.ro, politiadefrontiera.ro, cfrcalatori .ro, and otpbank.ro were targeted by attackers who aimed to disrupt these online services by overloading these sites with massive traffic from multiple sources. The attack was claimed by the cybercrime group Killnet on a communication channel called The Telegram that justifies it by the fact that the Romanian government supports Ukraine in the military conflict with Russia. National Cybersecurity Directorate (DNSC) specialists are working together with the authorities to investigate these cybersecurity incidents.”
According to DNSC, a list of IP addresses identified as being involved in this attack will be soon released.
“The release is part of the standard process of monitoring and identifying resources involved in cyber-attacks amidst the Ukraine-Russia conflict, which the directorate has put in place since the outbreak of the military conflict. We want to reiterate the need and importance of implementing adequate cybersecurity measures for the protection of websites and cyber infrastructures. A cybersecurity guide that you can use in this regard can be accessed on the dnsc.ro website: https://dnsc.ro/vezi/document/ghid-securitate-cibernetica-2021. Also, on the site, in the guides section, you can find useful information on ways of reacting to various types of cyber-attacks.”
Access to the websites gov.ro, mapn.ro, politiadefrontiera.ro, cfrcalatori.ro and the website of a financial institution was affected by a series of DDOS (distributed denial of service), cyber-attacks on Friday morning, starting at 4:00 am, according to the Romanian government.
SRI: Cyber attackers who shut down certain websites on Friday used equipment from outside Romania
The Romanian Intelligence Service (SRI) reports that the cyber attackers who made unavailable on Friday a series of websites belonging to the national authorities, financial-banking institutions, respectively, used network equipment from outside Romania.
Following the investigations carried out by the CYBERINT National Centre within the Romanian Intelligence Service, it was established that the cyber attackers used network equipment from outside Romania. The attackers took control of the equipment in question by exploiting cyber security vulnerabilities, respectively the lack of cyber security measures, and used them as a vector of attack on the Romanian websites, the same source reports.
The cyber attack was claimed by the pro-Russian KILLNET group, which specializes in DDoS attacks. Also, earlier this same month, the KILLNET group launched DDoS attacks on the websites of institutions in states such as the US, Estonia, Poland, the Czech Republic, but also on NATO sites.
The responsibility for ensuring the primary cyber security of the affected infrastructures does not belong to the Romanian Intelligence Service. However, given the scale of the attacks with an impact on national security, the CYBERINT National Centre within the Romanian Intelligence Service is actively cooperating with the entities responsible for investigating cyber attacks and remedying their effects, the SRI explains.
The Service also adds that the affected sites are not part of the National System for the Protection of IT&C Infrastructures of national interest against threats from cyberspace (TITEICA) managed by the Romanian Intelligence Service through the CYBERINT National Centre.