On Sunday, May 4, 2025, a pro-Russian hacker group known as DDOSIA or NoName057 launched a coordinated cyberattack targeting several key Romanian government websites and the online platforms of presidential candidates. The attack coincided with the first round of a re-run presidential election in Romania, aiming to disrupt the electoral process and sow political instability.
Targets of the Cyberattack
The hackers targeted critical government institutions including the Romanian Constitutional Court, the main government portal, the Ministry of Foreign Affairs, and other state websites. Additionally, the websites of four presidential candidates were attacked, including Crin Antonescu, supported by the ruling coalition, and Bucharest Mayor Nicușor Dan, running as an independent.
Nature of the Attack
The cyberattack was primarily a Distributed Denial of Service (DDoS) assault, which overwhelms targeted websites with excessive internet traffic, rendering them inaccessible to legitimate users. The hackers claimed responsibility on their Telegram channel, listing the affected sites and boasting about their ability to “send DDoS surprises” to government platforms such as the Ministries of Internal Affairs and Justice.
Response and Impact
Romania’s National Cybersecurity Directorate reported that despite the attacks, all targeted websites were restored and operational by early afternoon local time. The Directorate even posted a lighthearted message referencing Star Wars: “May the Force be with you,” signaling resilience against the cyber threats.
The attack occurred during a sensitive political moment, as Romania was conducting a re-run of the presidential election’s first round. The initial round held the previous year was annulled due to allegations of illegal campaigning and suspected Russian interference, making the cybersecurity of the election process a critical concern.
Background and Context
This incident is part of a broader pattern of cyberattacks linked to Russian-affiliated hacker groups targeting government institutions and political processes in various countries. The group NoName057 has a history of cyber operations aimed at Ukraine, the United States, and European nations, often promoting pro-Kremlin agendas.
Romanian intelligence documents revealed that over 85,000 cyberattacks targeted the country’s election IT systems during the previous election cycle, highlighting the persistent threat to democratic processes.
Political Implications
The cyberattack underscores the ongoing geopolitical tensions in Eastern Europe and the use of cyber warfare as a tool to influence political outcomes. The targeting of presidential candidates’ websites suggests an attempt to undermine public confidence in the electoral process and disrupt the democratic transition.
Despite these challenges, Romanian authorities have demonstrated preparedness and resilience in countering cyber threats, ensuring the continuity of government functions and election integrity.
