Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Background 2 Cyber attack 3 Public reactions 4 See also 5 References

2022 DDoS attacks on Romania

●Français ●Română ●Slovenščina ●Українська Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

Beginning at 04:05 EEST on 29 April 2022, a series of multiple denial-of-service attack (DDoS) attacks were launched against several Romanian government, military, bank and mass media websites. Behind the attacks was the pro-Kremlin hacking group Killnet, who resorted to this in response to a declaration made by Florin Cîțu, the then-president of the senate of Romania, that Romania would provide Ukraine with military aid. The Russian Federation, who invaded the latter, publicly spoke against Western military support for Ukraine, stating that it would result in "lightning-fast retaliatory strikes". The DDoS attacks continued until 1 May.

Background[edit]

On 26 April 2022, the president of the chamber of deputies of Romania, Marcel Ciolacu, the prime minister, Nicolae Ciucă, and the minister of foreign affairs, Bogdan Aurescu, visited Kyiv in Ukraine to meet the Ukrainian president, Volodymyr Zelenskyy, the prime minister, Denys Shmyhal, and the president of the Verkhovna Rada, Ruslan Stefanchuk. In the meeting, Romania reiterated its support for Ukraine and its European integration aspirations, as well as committing to active involvement in the reconstruction of the country.^[1]

The meeting was planned since as early as 13 April, with the Romanian delegation initially consisting of the president of the senate of Romania, Cîțu, and the president of the chamber of deputies, Marcel Ciolacu, both visiting Kyiv on 27 April at the invitation of Stefanchuk.^[2] Prime Minister Ciucă justified the absence of Cîțu around the fact that there were two state visits separately planned, under condition by the safety measures imposed in Kyiv due to the 2022 Russian invasion of Ukraine.^[3] Nevertheless, Florin Cîțu visited Kyiv by himself on 27 April 2022,^[4] after which he stated that Romania should do more for Ukraine, supporting them with military equipment.^[5]

Russia claimed that Western military support for Ukraine are "posing a threat to European security". The Russian president, Vladimir Putin, stated that "if someone intends to intervene in the ongoing events [Russian invasion of Ukraine] from the outside, and create strategic threats for Russia that are unacceptable to us, they should know that our retaliatory strikes will be lightning-fast".^[6]

Cyber attack[edit]

On 29 April 2022, at 04:05 EEST, the websites of the Ministry of National Defence (MApN), the Romanian Border Police, the Government of Romania and of CFR Călători were taken down by a DDoS attack. According to the MApN, the cyberattack did not compromise the functioning of its website, but rather prevented user access to it. The government stated that IT specialists at the structures at governmental level are collaborating with experts from specialized institutions to restore access and identify the causes. In the meantime, CFR Călători issued alternative means of purchasing train tickets digitally.^[7]

The Romanian Intelligence Service (SRI) stated that the hackers behind the cyberattack used network equipment from outside Romania.^[8] The pro-Kremlin hacking group Killnet claimed the attacks through Telegram, stating that "the president of the Romanian Senate, Marcel Ciolacu issued a statement promising the Ukrainian authorities "maximum assistance" in supplying lethal weapons to Kyiv". Furthermore, they revealed a list of websites that it took down through the DDoS attack, where the website of OTP Bank (the Romanian division) was also listed.^[9] The Directorate for Investigating Organized Crime and Terrorism (DIICOT) was notified in the case, and access to the websites was restored.^[7]^[10]

At 19:30 EEST, another DDoS attack was launched, this time on the website of the Ciolacu-led Social Democratic Party (PSD), taking it down in a similar manner. In response, the party's IT department quickly took action and restored access to the website within 15 minutes.^[10]

In retaliation, Romania's National Cybersecurity Directorate (DNSC) published a list of 266 IP addresses involved in the 29 April DDoS attacks to its official website. On 30 April, at approximatively 2:30 EEST, this website had also been taken down through a further DDoS attack by the pro-Kremlin hacking group, with user access restored by 8:30 EEST.^[11] Later the same day, a further DDoS attack took down the website of the Romanian Police.^[12]

The pro-Kremlin hacking group threatened to take down another 300 Romanian websites in a similar manner, including websites of stores, military, government, mass-media, banks, hospitals, educational institutions, political parties, etc. Some websites using Moldovan (.md) domains were also included in the list.^[13]

On 1 May 2022, Killnet took down the websites of seven Romanian airports (including those located in Bucharest, Cluj-Napoca, etc.), as well as of the TAROM airline and several news media websites, including Digi24, among others.^[14]

It has been suspected that a Romanian resident in the United Kingdom helped Killnet take down Romanian websites, translating content in Romanian into Russian. They were put in custody.^[15] In retaliation, Killnet threatened to "destroy Romania, the United Kingdom and Moldova" if they were not released within 48 hours.^[16]

Public reactions[edit]

Romania's minister of defence, Vasile Dîncu described the cyberattacks as "symbolic attacks".^[17] Marcel Ciolacu called his nominalization as "Senate president" by Killnet a mistake (as the presidency of the senate was held by Cîțu),^[18] and stated that "if needed, Romania is ready both legally and morally to take this step [to supply Ukraine with military equipment]. At this moment [at the time of the first attacks], there is no decision".^[19] In the meantime, the Romanian hacking group "Anonymous Romania" stated that it launched a counterattack against a Russian governmental website.^[20]

Cîțu reacted as well: "First of all, I do not know what kind of hackers are those who do not know who the president of the Senate or the president of the Chamber of Deputies is [...]. Secondly, if we look at that [Killnet's] statement it is bizarre to have the picture of the President of the Chamber of Deputies, to have the correct name, but to mistake his position [...]. A simple search on Wikipedia and you would have found out who the president of the Senate is".^[21]

References[edit]

^ "Imagini cu Marcel Ciolacu și Nicolae Ciucă la Kiev, cu Volodimir Zelenski. Vizita ar fi trebuit să aibă loc mâine, împreună cu Florin Cîțu" [Images of Marcel Ciolacu and Nicolae Ciucă in Kiev, with Volodimir Zelenski. The visit should have taken place tomorrow, together with Florin Cîțu]. Antena3 (in Romanian). Retrieved 29 April 2022.

^ "Marcel Ciolacu și Florin Cîțu merg la Kiev pe 27 aprilie". www.digi24.ro (in Romanian). Retrieved 29 April 2022.

^ "De ce nu a fost Florin Cîțu în Ucraina alături de Ciucă și Ciolacu. Explicația premierului". www.antena3.ro (in Romanian). Retrieved 29 April 2022.

^ "Primele imagini cu Florin Cîțu în Ucraina: "Ceea ce am văzut deschide ochii lumii asupra acțiunilor Rusiei"". www.antena3.ro (in Romanian). Retrieved 29 April 2022.

^ "Marcel Ciolacu, despre trimiterea de arme în Ucraina: "Dacă este nevoie, România este pregătită să facă acest pas"". www.antena3.ro (in Romanian). Retrieved 29 April 2022.

^ "Russia says pumping Ukraine with weapons is threat to European security". Reuters. 28 April 2022. Retrieved 29 April 2022.

^ ^a ^b "Val de atacuri cibernetice în România. Vizate mai multe instituții, între care Guvernul și Ministerul Apărării / Atacurile, revendicate de hackerii pro-ruși de la Killnet". economie.hotnews.ro (in Romanian). Retrieved 29 April 2022.

^ "Atacurile cibernetice care au vizat Guvernul și MApN. SRI: Hackerii au folosit echipamente de rețea din afara României, profitând de vulnerabilități ale site-urilor". www.hotnews.ro (in Romanian). Retrieved 29 April 2022.

^ "Cine este gruparea de hackeri Killnet care a atacat site-urile Guvernului și Armatei României". economie.hotnews.ro (in Romanian). Retrieved 29 April 2022.

^ ^a ^b "Site-ul PSD inactiv după ce a fost atacat de hakerii ruși de la Killnet". www.antena3.ro (in Romanian). Retrieved 29 April 2022.

^ "Continuă seria de atacuri de tip DDoS asupra site-urilor românești". www.antena3.ro (in Romanian). Retrieved 30 April 2022.

^ "UPDATE Site-ul Poliției Române a fost atacat cibernetic『într-un mod similar ca celelalte instituții』(surse)/ Problema a fost remediată în aproximativ o oră de la anunțul Poliției/ Hackerii pro-ruși Killnet au amenințat că vor ataca peste 300 de entități din România". G4 Media (in Romanian). 30 April 2022. Retrieved 30 April 2022.

^ "Gruparea Killnet amenință că va ataca cibernetic alte aproape 300 de site-uri din România". economie.hotnews.ro (in Romanian). Retrieved 1 May 2022.

^ "Site-urile marilor aeroporturi din România nu funcționează. Hackerii ruși de la Killnet revendică atacul". Digi24 (in Romanian). Retrieved 1 May 2022.

^ "Un român din Marea Britanie, suspectat că a ajutat gruparea de hackeri ruși Killnet pentru a ataca site-uri din România. Bode: "Cetăţeanul este în custodia autorităţilor şi este audiat"". G4 Media (in Romanian). 3 May 2022. Retrieved 4 May 2022.

^ "Killnet confirmă sprijinul românului Ioan Feher și amenință că va『distruge România, Marea Britanie și Moldova』dacă nu va fi eliberat: "Dacă susține Rusia, nu înseamnă că e un criminal"/ Este vizat Ministerul Sănătății". G4 Media (in Romanian). 3 May 2022. Retrieved 4 May 2022.

^ "Reacția lui Vasile Dîncu după ce grupul pro-rus Killnet a atacat cibernetic România: "Este un atac simbolic"". Stirileprotv.ro (in Romanian). Retrieved 30 April 2022.

^ "Ciolacu spune că hackerii ruși l-au confundat cu Cîțu: E o greșeală acolo, sunt și eu". www.digi24.ro (in Romanian). Retrieved 30 April 2022.

^ "Ce spune Marcel Ciolacu, președintele Camerei Deputaților, despre motivele invocate de hackerii Killnet: E o greșeală acolo". ZF.ro (in Romanian). Retrieved 30 April 2022.

^ "Grupul de hackeri Anonymous România susține că a atacat un site guvernamental din Rusia ca răspuns la acțiunile grupării ruse Killnet". G4 Media (in Romanian). 29 April 2022. Retrieved 30 April 2022.

^ "Cîțu, deranjat că a fost confundat cu Ciolacu: Ce hackeri sunt ăia care nu știu cine e șeful Senatului? Dădeai search pe Wikipedia". www.digi24.ro (in Romanian). Retrieved 2 May 2022.

Hacking in the 2020s

← 2010s

Timeline

2030s →

Major incidents

2020	BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach
2021	Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack
2022	Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak
2023	Munster Technological University ransomware attack Evide data breach MOVEit data breach Insomniac Games data breach Polish railway cyberattack British Library cyberattack
2024	XZ Utils backdoor Cyber attacks on Kadokawa and Niconico

Groups

Individuals

Major vulnerabilities
publicly disclosed

SMBGhost (2020)
Thunderspy (2020)
PrintNightmare (2021)
FORCEDENTRY (2021)
Log4Shell (2021)
Account pre-hijacking (2022)
Retbleed (2022)
Downfall (2023)
LogoFAIL (2023)
Reptar (2023)
Terrapin (2023)
GoFetch (2024)

Malware

2020

2021

Predator

2022

Russian invasion of Ukraine

Part of the Russo-Ukrainian War

Overview

General	Outline Timeline Prelude Feb – Apr 2022 Apr – Aug 2022 Aug – Nov 2022 Nov 2022 – Jun 2023 Jun – Aug 2023 Sep – Nov 2023 Dec 2023 – Mar 2024 Apr 2024 – present Aerial warfare Defense lines Foreign fighters Information war Naval warfare Legality Map Order of battle Peace negotiations Ukraine's Peace Formula China peace proposal June 2024 peace summit Proposed no-fly zone Red lines Reparations Territorial control Women
Prelude	Reactions Disinformation Ukraine bioweapons conspiracy theory Ukraine and weapons of mass destruction 2021 Russia–United States summit 2021 Black Sea incident Belarus–European Union border crisis "On the Historical Unity of Russians and Ukrainians" Crimea Platform Zapad 2021 December 2021 ultimatum 2022 Ukraine cyberattacks Zametil 2022 Union Resolve 2022 Stanytsia Luhanska kindergarten bombing British–Polish–Ukrainian trilateral pact Evacuation of the Donetsk PR and Luhansk PR Mobilization in Donetsk PR and Luhansk PR "Address concerning the events in Ukraine" "On conducting a special military operation"
Background	Dissolution of the Soviet Union 2014 pro-Russian unrest in Ukraine historical background Annexation of Crimea reactions War in Donbas 2022 timeline Minsk agreements humanitarian situation international recognition of the Donetsk PR and Luhansk PR Putinism Foundations of Geopolitics Novorossiya Ruscism Russian irredentism Russian imperialism
Foreign relations	Russia–Ukraine Belarus–Ukraine Belarus–Russia Russia–United States Ukraine–United States Russia–NATO Ukraine–NATO enlargement of NATO eastward expansion controversy in Russia open door policy

Airstrikes
by city

Airstrikes on
military targets

Resistance

Russian-occupied Ukraine

Belarus and Russia

Russian
occupations

Flags used in Russian-occupied Ukraine

Ongoing

Potentially
related

Other

War crimes

General	Accusations of genocide in Donbas Allegations of genocide of Ukrainians child abductions Attacks on hospitals Cluster munitions Incendiary weapons Landmines Russian filtration camps Russian mobile crematoriums Russian theft of Ukrainian grain Russian torture chambers Looting Sexual violence Mistreatment of prisoners of war
Attacks on civilians	February 2022 Kharkiv cluster bombing Kharkiv government building airstrike 3 March Chernihiv bombing Irpin refugee column shelling Mariupol hospital airstrike Stara Krasnianka care house attack Mykolaiv cluster bombing March 2022 Donetsk attack 2022 Borodianka airstrikes Chernihiv breadline attack Mariupol theatre airstrike Mariupol art school bombing Kyiv shopping centre bombing Sumykhimprom ammonia leak March 2022 Kharkiv cluster bombing Mykolaiv government building missile strike Bucha massacre Kramatorsk railway station attack April 2022 Kharkiv cluster bombing Bilohorivka school bombing Shooting of Andrii Bohomaz Maisky Market attack Kremenchuk shopping mall attack Serhiivka missile strike Chasiv Yar missile strike Olenivka prison massacre Kharkiv dormitories missile strike Chaplyne railway station attack Izium mass graves September 2022 Donetsk attack Zaporizhzhia civilian convoy attack Kupiansk civilian convoy shelling Zaporizhzhia residential building airstrike Russian strikes against Ukrainian infrastructure 2023 Dnipro residential building airstrike Sloviansk airstrike Uman missile strike Kramatorsk restaurant missile strike Lyman cluster bombing 2023 Pokrovsk missile strike Chernihiv missile strike Kostiantynivka missile strike Hroza missile attack Volnovakha massacre 29 December 2023 Russian strikes on Ukraine 2024 Pokrovsk missile strike 2024 Donetsk attack Lysychansk missile strike 6 March 2024 Odesa strike 22 March 2024 Russian strikes on Ukraine April 2024 Chernihiv missile strike 25 May 2024 Kharkiv missile strikes
Crimes against soldiers	Torture of Russian soldiers in Mala Rohan Torture and castration of a Ukrainian POW in Pryvillia Rape of Donetsk People's Republic soldiers by Kadyrovites Murder of Yevgeny Nuzhin Makiivka surrender incident Execution of Oleksandr Matsievskyi 2022 Ukrainian prisoner of war beheading
Legal cases	ICC investigation Arrest warrants ICJ court case Task Force on Accountability Universal jurisdiction Crime of aggression Criminal proceedings Vadim Shishimarin Alexander Bobikin and Alexander Ivanov Anton Cherednik

Reactions

States and
official entities

General	Sanctions people and organizations restrictions on transit to Kaliningrad Oblast Military aid European Union Military Assistance Mission in support of Ukraine People's Bayraktar Signmyrocket.com Humanitarian aid Sanctioned yachts Relations with Russia
Ukraine	Application to NATO Be Brave Like Ukraine Brave1 Coordination Headquarters for the Treatment of Prisoners of War Decolonization and derussification law Delta Destroyed Russian military equipment exhibition For Courage and Bravery (Ukraine) Grain From Ukraine Headquarters of the Supreme Commander-in-Chief Hero City I Want to Live International Defence Industries Forum International Legion and other foreign units Belarusian Volunteer Corps Terror Battalion Black Maple Company Canadian-Ukrainian Brigade Freedom of Russia Legion German Volunteer Corps Karelian National Battalion Kastuś Kalinoŭski Regiment Norman Brigade Pahonia Regiment Polish Volunteer Corps Romanian Battlegroup Getica Russian Volunteer Corps Separate Special Purpose Battalion Sibir Battalion Turan Battalion International Sponsors of War Forced confiscation law of Russian property [ru; uk] Look for Your Own Martial law Mobilization Media Center Ukraine National Council for the Recovery of Ukraine from the War [uk] National Multi-Subject Test [uk] North Korea–Ukraine relations Points of Invincibility Recognition of Ichkeria Rescuer City [uk] Save Ukrainian Culture [uk] Syria–Ukraine relations Ukrainian Freedom Orchestra United24 United News
Russia	highways in the annexed territories A290 A291 "Tavrida" R260 R280 "Novorossiya" 2022 Moscow rally 2023 Moscow rally 2022 Moscow Victory Day Parade 2023 Moscow Victory Day Parade 2024 Moscow Victory Day Parade 2023 Presidential Address to the Federal Assembly Blockade of Ukraine [ru] Bohdan Khmelnytsky Battalion Censorship in Russia [ru] Chechnya Pro-Ukrainian Chechen fighters Conmemorative Medal "Participant of a Special Military Operation" [ru] Conversations about Important Things Krasovsky case Legalization of parallel imports [ru] Manifesto of the South Russian People's Council Martial law Masha Moskalyova case Metropolis of Crimea Mikhail Simonov case Mobilization Recruitment of irregular forces [ru] Operation Doppelgänger [fr; ru] Opinion polling [ru] Orthodox Christmas truce proposal Wagner Group–Ministry of Defense conflict Russian Orthodox clergymen appeal against war Salvation Committee for Peace and Order Special Coordinating Council Ukraine bioweapons conspiracy theory Unfriendly countries list War censorship laws We Are Together. Sports "What Russia Should Do with Ukraine"
United States	2022 Joe Biden speech in Warsaw 2022 State of the Union Address Consolidated Appropriations Act, 2022 Consolidated Appropriations Act, 2023 Disinformation Governance Board Executive Order 14071 Pentagon document leaks Task Force KleptoCapture Ukraine Defense Contact Group Ukraine Democracy Defense Lend-Lease Act Ukraine Security Assistance Initiative
Other countries	Belarus Canada Canada–Ukraine authorization for emergency travel China Chinese peace plan Croatia Denmark Danish European Union defence opt-out referendum Federated States of Micronesia Federated States of Micronesia–Russia relations [ru] France Mission Aigle Georgia [ru] Germany German Taurus leak Zeitenwende speech Hungary [hu] India Operation Ganga Iran Israel Operation Israel Guarantees Lithuania Moldova New Zealand Russia Sanctions Act Poland border crisis with Ukraine Syria [ru] Taiwan [zh-yue] United Kingdom Economic Crime Act Homes for Ukraine Operation Interflex
United Nations	Emergency special session Resolution ES-11/1 Resolution ES-11/2 Resolution ES-11/3 Resolution ES-11/4 Resolution ES-11/5 Resolution ES-11/6 Security Council Resolution 2623 Resolution A/RES/77/229 Easter truce
International organizations	Accession of Moldova to the EU Accession of Ukraine to the EU Brussels summit European Political Community 1st summit 2nd summit 3rd summit Madrid summit NATO virtual summit Operation Oscar Ramstein Air Base meeting EU–Ukraine Summit REPowerEU Steadfast Defender 2024 SWIFT ban against Russian banks Ukraine Recovery Conference Versailles declaration 2023 Vilnius summit 15th BRICS summit
Other	Consecration of Russia F-16 training coalition Finland–NATO relations Finland–Russia border barrier Iron diplomacy Proposed Russian annexation of South Ossetia Recognition of Russia as a terrorist state Removal of monuments and memorials Streets renamed Ukraine Square, Oslo Serving heads of state and government that have visited Ukraine during the invasion Sweden–NATO relations Swedish anti-terrorism bill

Public

Protests	In Ukraine in Russian-occupied Ukraine demolition of monuments to Alexander Pushkin ArmWomenNow Ukrainian Artistic Front In Russia Angry patriots Club of Angry Patriots Anti-War Committee Suspicious deaths of Russian businesspeople Congress of People's Deputies Council of Mothers and Wives Feminist Anti-War Resistance Flower protests Marina Ovsyannikova Russian Action Committee North Caucasian protests 2022 Russian Far East protests State Duma initiative for charging Vladimir Putin of high treason White-blue-white flag In Belarus In China Great Translation Movement In Czech Republic Czech Republic First!
Companies	Address of the Russian Union of Rectors Boycott of Russia and Belarus "Do not buy Russian goods!" E.N.O.T. Corp. Igor Mangushev McDonald's in Russia Vkusno i tochka NashStore [ru] People's Satellite Starlink satellites Stop Bloody Energy Wagner Group Andrey Aleksandrovich Medvedev Death of Nemes Tarimo Yale CELI List of Companies
Technology	Anonymous and the invasion alerts.in.ua DDoS attacks on Romania DeepStateMap.Live IT Army of Ukraine Killnet Liveuamap Open-source intelligence peacenotwar Russian Asset Tracker Squad303 [pl] Ukraine Siren Alerts Wikipedia threat to block in Russia detention of Mark Bernstein
Spies	Diplomatic expulsions during the Russo-Ukrainian War Russian spies in the Russo-Ukrainian War
Other	Association of Azovstal Defenders' Families Black Sea Grain Initiative Collaboration with Russia We Are Together with Russia Concert for Ukraine Free Buryatia Foundation Free Nations of Post-Russia Forum Game4Ukraine Get Lost Global Tour for Peace Go by the Forest Guide to the Free World Mozart Group Olena Zelenska Foundation Open letter from Nobel laureates Pavel Sudoplatov Battalion Rubikus.HelpUA Ruslan Shostak Charitable Foundation Russia's War Crimes House Saving Ukrainian Cultural Heritage Online Serhiy Prytula Charity Foundation Spain letter bomb attacks Yermak-McFaul Expert Group on Russian Sanctions Pavel Filatyev True Russia Volos Declaration Wimbledon ban