- Romania has canceled its presidential elections following a wave of cyber attacks
- The cyber attacks targeted election systems, totaling more than 85,000 attacks
- The elections will take place again, probably with closer monitoring of systems and social media
A recently released report (PDF) of the Romanian Intelligence Service (SRI) has revealed that election infrastructure was targeted by more than 85,000 cyber attacks in the run-up to election day.
The main concern of these attacks is the state-sponsored online influence campaign promoting the election of front-runner and pro-Moscow candidate Călin Georgescu. Access credentials for election websites were stolen by threat actors and leaked on a Russian hacker forum, a worrying development given the volatility of the region’s political landscape.
The SRI confirmed that an attack on the IT infrastructure of the Romanian Permanent Electoral Authority (AEP) compromised a server that mapped data connected to the AEP’s network, which occurred on November 19. In light of these developments, the elections have since been canceled by the Romanian courts to allow for a replay of the first round of the presidential election.
Significant violations
Between the first break and November 25, the end of the first round of the presidential elections, BleepingComputer reports that the 85,000 attacks targeted the information systems that support the election process. Analysts have confirmed that the scale of the campaign would indicate a state actor.
“Romania – along with other states on NATO’s eastern flank – has become a priority for Russia’s hostile actions; There is a growing interest by the Kremlin to influence (at least) the mood and agenda in Romanian society in the electoral context through propaganda and disinformation.” confirms the report.
Romanian Prime Minister Marcel Ciolacu said annulling the election was “the only right decision”, with Constitutional Court judges citing the same report as a factor in the decision-making.
It is important to note that the SRI has not directly attributed these attacks to any specific threat actors, but geopolitical tensions do seem to indicate that they are looking in a specific direction.
Russian cyber influence campaigns have been reported during the US election cycle, so there is precedent for similar incidents. Russia has denied any interference in the Romanian elections.
Romanian infrastructure continues to be affected by vulnerabilities, the agency warned, and these could be exploited ahead of the second round of elections.