Government websites in Romania have been crippled by a distributed denial of service (DDoS) cyber attack carried out by Russia-supporting cybercrime gang Killnet, the country’s prime minister confirmed today. The attack is the latest sign that Russia is targeting neighbouring countries, which have offered support to Ukraine during the ongoing war in Eastern Europe.

Romanian government websites have been taken offline by a DDoS attacj. (Photo by Laszlo Szirtesi at Getty Images)

Prime Minister Nicolae Ciuca said several government websites were knocked out by the DDoS attack, including Romania’s border police site, several financial institutions and the railway company CFR Calatori. The attacks began at 4am and, at the time of writing, the sites remain offline, though local media reports suggest back office functions remain operational.

Romania has been a supporter of Ukraine throughout the war, providing humanitarian support to Ukrainian refugees fleeing the conflict. This week, Romanian parliamentary speaker Marcel Ciolacu visited Kyiv for talks with Ukrainian President Volodymyr Zelenskyy about how the countries can co-operate on security in future.

Romania cyberattack: Killnet claims responsibility

Killnet, a cybercrime gang named as sympathetic to Russia in a warning from the global security alliance Five Eyes last week, has claimed responsibility for the attack, saying it is in response to a statement Ciolacu made in parliament last week about providing increased support to Ukraine, including through the supply of weapons.

The gang has recently targeted organisations in Estonia, Poland and the US, and was responsible for carrying out a cyber attack on Bradley International Airport in Connecticut in March. The attack blocked customers from accessing and communicating with the site. 

This week’s incident is reminiscent of a series of DDoS attacks which took place on Ukrainian website prior to war breaking out, also thought to be the work of Russian hackers. Globally, the volume of DDoS incidents in the first quarter of this year was 4.5 times higher than the same period in 2021, reports security company Kaspersky.

Ukraine’s allies in Russia’s crosshairs

Heightened levels of DDoS attacks throughout the war in Ukraine are a signifier that those who do not support Russia may find themselves under cyber attack, explains Abishur Prakash, co-founder and geopolitical futurist at the Center for Innovating the Future consultancy.

“From the beginning of the Ukraine-Russia conflict, the cyber war has involved more than just Kiev and Moscow,” Prakash explains. “From German wind companies being hacked to Japanese automakers losing control of systems, the cyber attacks have had a serious impact.”

The fact smaller nations like Romania are also now being targeted could be an indirect message that any government who supports Kyiv is fair-game in the cyber world, says Prakash. 

Will Romania cyberattack be a catalyst for change?

As cyberattacks become more widespread and indiscriminate, countries may be forced to draw more rigid cyber boundaries. At the moment, cyber espionage and some types of cyber crime are tolerated as governments are loathe to regulate something they themselves benefit from, says Alexi Drew, senior analyst in defence and security at the RAND Europe think tank.

But the Ukraine war could change all that. “The grey zone of cyber conflict is often maintained by our unwillingness to be clear as to where the line in the sand is,” Drew explains. “What we are likely to see as a result of what’s happening right now [in Romania] is some very serious thinking as to whether this strategic ambiguity is actually a worthwhile approach to this kind of area. Do we actually need to be specific as to what is and is not acceptable in terms of espionage and the standard back and forth between states and cyber activity?”

Drew argues attacks such as the one on Romania, and the wider conduct of Russia-supporting cyber criminals during the war, may cause a rethink and lead governments around the world to take a tougher line. “There is an appetite across Europe and its allies, outside NATO and otherwise, to have a very frank internal discussion as to what can be done to make those changes at a far greater speed than might have otherwise happened,” she adds.

Read more: How tech leaders have responded to Russia’s invasion of Ukraine