ASERT research has discovered that Romania is the latest victim of the surge in geopolitical DDoS attacks. In ASERT Principal Security Analyst Chris Conrad’s X Thread, it is revealed that these attacks are not specific to any single industry or adversary, as they target a variety of verticals, with several hacktivist groups taking credit for attacks.
The first major spike occurred on June 2, 2024, coinciding with the possibility of Romania transferring Patriot missiles to Ukraine. On this day, the number of direct-path attacks against Romanian websites jumped to 352 in a single day.
Elevated DDoS attack counts continue as June progresses
Total attack counts have remained higher than average as June has progressed, reaching a peak on June 5 with 1,016 total attacks in a single day. This continued elevation of DDoS attack activity shows the power of geopolitical motives for hacktivist groups.
Various groups are taking credit for the attacks against Romania
Multiple groups have claimed responsibility for these waves of attacks against Romanian targets. First, on June 5, the hacktivist group CyberDragon took responsibility for a number of attacks. They claimed to be targeting the websites of the President, Parliament, Ministry of Justice and Border Guard. This was in response to the possibility of transferring Patriot missiles to Ukraine.
Next, on June 17, Cyber Army of Russia claimed credit after Romanian officials refused visas to Belarusian and Russian delegations for the Parliamentary Assembly of the Organization for Security and Cooperation in Europe (OSCE PA) in Bucharest. This wave of attacks reportedly started with the Port of Constanta being targeted.
Over the course of this DDoS and ransomware barrage, several groups have claimed credit outside of these two. Most attacks are targeting government targets, with banking taking the second spot.