December 5, 2024 at 07:01PM
A declassified Romanian Intelligence report reveals over 85,000 cyberattacks targeting the country’s election infrastructure, with leaked credentials for election websites surfacing on a Russian hacker forum. Concurrently, an influence campaign utilized TikTok influencers to promote pro-Russian presidential candidate Calin Georgescu. Romania’s election system remains vulnerable to attacks.
### Meeting Notes Takeaways:
1. **Cyberattacks Overview**:
– Romania’s election infrastructure was targeted by over 85,000 cyberattacks, with origins traced to 33 countries.
– Significant cyberactivity peaked from November 19 until November 25, coinciding with the presidential election rounds.
2. **Key Incidents**:
– On November 19, the IT infrastructure of the Permanent Electoral Authority (AEP) was compromised, specifically a mapping data server.
– Login credentials for election sites such as bec.ro, roaep.ro, and registrulelectoral.ro were leaked on a Russian cybercrime forum shortly before the election.
3. **Methods of Attack**:
– Attackers gained access via either targeting legitimate users or exploiting vulnerabilities in training servers used for electoral staff.
– Techniques included SQL injection and cross-site scripting (XSS) attacks.
4. **Current Vulnerabilities**:
– SRI warns that Romania’s electoral systems still have exploitable vulnerabilities that could allow for further lateral movement within networks.
5. **Influence Campaign**:
– A manipulation campaign involved over 100 TikTok influencers promoting presidential candidate Calin Georgescu, gaining millions of views and significant social media traction starting November 13.
– Influencers were compensated based on their follower count, with texts echoing pro-Russian campaign messages seen in Moldova.
6. **Threat Actor Attribution**:
– SRI has not definitively attributed the cyberattacks or the influence campaign to a specific actor, but the methodologies suggest potential state involvement.
– The Romanian Foreign Intelligence Service (SIE) indicates a historical pattern of Russian interference in elections, suggesting a broader context of geopolitical tensions influencing Romania’s electoral integrity.
7. **Implications**:
– The findings underscore ongoing concerns about cybersecurity threats and influence operations aimed at disrupting democratic processes in Romania, particularly amid current geopolitical dynamics with Russia.