NETSCOUT: Hacktivists Target Romania in Latest Surge in Geopolitical DDoS Attacks
July 2024 by NETSCOUT
Geopolitical DDoS attacks continue to become increasingly prevalent. ASERT research has discovered that Romania is the latest victim of the recent surge in these attacks. In ASERT Principal Security Analyst Chris Conrad’s X Thread, it is revealed that these attacks are not specific to any single industry or adversary, as they target a variety of verticals, with several hacktivist groups taking credit for attacks.
The first major spike occurred on June 2, 2024, coinciding with the possibility of Romania transferring Patriot missiles to Ukraine. On this day, the number of direct-path attacks against Romanian websites jumped to 352 in a single day.
A graph with blue lines and black text Description automatically generated
Elevated DDoS Attack Counts Continue As June Progresses
Total attack counts have remained higher than average as June has progressed, reaching a peak on June 5th with 1,016 total attacks in a single day. This continued elevation of DDoS attack activity shows the power of geopolitical motives for hacktivist groups. A graph with blue lines Description automatically generated
Various Groups Are Taking Credit for the Attacks Against Romania
Multiple groups have claimed responsibility for these waves of attacks against Romanian targets. First, on June 5th, the hacktivist group CyberDragon took responsibility for a number of attacks. They claimed to be targeting the websites of the President, Parliament, Ministry of Justice, and Border Guard. This was in response to the possibility of transferring Patriot missiles to Ukraine.
Next, on June 17th, Cyber Army of Russia claimed credit after Romanian officials refused visas to Belarusian and Russian delegations for the Parliamentary Assembly of the Organization for Security and Cooperation in Europe (OSCE PA) in Bucharest. This wave of attacks reportedly started with the Port of Constanta being targeted.
Over the course of this DDoS and ransomware barrage, several groups have claimed credit outside of these two. Most attacks are targeting government targets, with banking taking the second spot.
Other Motivations Related to Recent Occurrences
Romania and South Korea have been discussing expanding their defensive cooperation, as reported by Yonhap News Agency. The two are discussing an expansion of their bilateral defense and arms cooperation agreement, allowing for increased arms exports to Europe for the South Korean side.
This is likely to have further engaged hacktivist groups, as Romania and other European partners in South Korean weapons trade are backing Ukraine in the conflict with Russia.
What’s Happening Now
Attacks are likely to continue to stay elevated or elevate further, especially considering that Romania agreed to send a Patriot missile system to Ukraine on June 20th. This has the potential to light a hotter fire under hacktivist adversaries and intensify their siege of Romanian websites and key services.
A strong DDoS protection solution is key to maintaining the availability of websites and services that are paramount to societal operation. Maintaining continuity is key when adversaries are fighting to disrupt it on religious and political grounds.