Romania's election systems targeted in over 85,000 cyberattacks

Romania faces election turmoil after over 85,000 cyberattacks and a TikTok disinformation campaign linked to Russia disrupted presidential voting.

What happened

Romania’s Constitutional Court (CCR) has annulled the results of the first round of its presidential election following revelations of extensive cyberattacks and a TikTok influence campaign linked to Russia. The Romanian Intelligence Service (SRI) declassified a report showing over 85,000 cyberattacks on the country’s election infrastructure, including compromised credentials for election-related websites.

The attacks, which occurred in November, targeted Romania’s Permanent Electoral Authority (AEP) and voter registration systems, trying to disrupt operations, alter information, and deny access to election systems.

Going deeper

According to the SRI, the attackers exploited vulnerabilities in election infrastructure, such as SQL injection and cross-site scripting (XSS) weaknesses. These vulnerabilities were used to breach systems from devices in over 33 countries, with credentials for sites like bec.ro (Central Election Bureau) and registrulelectoral.ro (voter registration) leaked on a Russian cybercrime forum.

In the know

One breach occurred on November 19, when a server connected to both public and internal AEP networks was compromised. The attacks persisted until November 25, the night following the first round of elections. In addition to cyberattacks, a coordinated influence campaign manipulated TikTok influencers to promote pro-Russian candidate Calin Georgescu. Over 100 influencers with more than 8 million followers participated, with some receiving payments starting at $100 for targeted campaign content.

The campaign’s hashtags and messages mirrored pro-Russian narratives previously observed in Moldova. Many TikTok accounts that had been dormant since 2016 became highly active just two weeks before the election, pushing Georgescu’s content and driving it to 9th place in trending topics on November 26.

The big picture

Romania’s canceled election shows how cyberattacks and disinformation can threaten democracy. Weaknesses in digital election systems can lead to false results and loss of public trust. As more countries move elections online, it’s necessary to address security gaps to protect against interference. Romania’s experience is a reminder of how political tactics are changing and the importance of safeguarding fair elections.

FAQs

What is SQL injection?

SQL injection is a cyberattack where hackers insert malicious code into databases to steal or alter data.

What is cross-site scripting (XSS)?

XSS is a vulnerability that lets hackers inject harmful scripts into websites, stealing user data or altering site content.

How do TikTok campaigns affect elections?

These campaigns use influencers and hashtags to spread propaganda or misinformation, shaping voter opinions.

What is Romania’s Permanent Electoral Authority (AEP)?

The AEP oversees Romania's elections, including voter registration and election systems.

What are cybercrime forums?

Cybercrime forums are online spaces where hackers trade stolen data, tools, and attack strategies.