The targeted websites included bec.ro (Central Electoral Bureau), roaep.ro (Permanent Electoral Authority) and registrulelectoral.ro (the electoral registry). All these websites are managed by the AEP, the agency that oversees the election process. AEP also uses technical support and IT infrastructure and systems designed by the Romanian Special Telecommunication Service (STS), a signals intelligence agency that serves as the Romanian government’s ISP.
SRI notes that the theft of credentials associated with these websites, in the form of usernames and passwords, was achieved either by targeting individual users or by exploiting vulnerabilities in a training website created by the STS for election officials at operatorsectie.roaep.ro. Additionally, the SRI confirmed that on November 19, a server hosting mapping data, gis.registrulelectoral.ro, was compromised. This server was connected to both the AEP’s internal network and the internet.
Before and during election day, SRI cybersecurity analysts recorded more than 85,000 attempts to exploit vulnerabilities such as SQL injection (SQLi) and cross-site scripting (XSS) in various electoral websites and IT systems. The attacks aimed to gain unauthorized access to data stored in databases, potentially alter voting information presented to the public, or disrupt the infrastructure’s availability.
