Russian Hackers Target Romanian Government Websites During Presidential Vote

by EUToday Correspondents

A coordinated cyberattack by a pro-Russian hacker group disrupted several Romanian government websites and the online platforms of presidential candidates during the first round of the country’s presidential elections on Sunday, 4 May.

The Romanian press agency G4Media reported that the cyberattacks were carried out by a group known as DDOSIA, also referred to as NoName057. The targets included the official website of Romania’s Constitutional Court, the main government portal, and the Ministry of Foreign Affairs, as well as websites affiliated with presidential contenders.

The Romanian National Cybersecurity Directorate confirmed the incidents, stating that among those affected were the campaign websites of Crin Antonescu, the candidate representing the ruling coalition, and Nicușor Dan, the mayor of Bucharest running as an independent.

The hacker group publicly claimed responsibility for the attacks via its Telegram channel, listing further targets including the websites of the Ministries of Internal Affairs and Justice.

According to the cybersecurity authority, the websites identified by the group had resumed normal functioning by 14:00 local time on Sunday.

The timing of the attack coincided with the first round of presidential voting in Romania, raising concerns about the vulnerability of digital infrastructure during key democratic processes. Cybersecurity specialists have not indicated whether any data was compromised or whether the disruptions had any direct impact on voter turnout or election operations.

In the election itself, George Simion, leader of the ultra-nationalist Alliance for the Union of Romanians (AUR), emerged as the frontrunner with 40.94% of the vote. Simion, widely seen as pro-Russian in his political stance, has built his campaign around nationalist rhetoric and criticism of Romania’s current Western-oriented policies. His result places him in a strong position ahead of the second round.

Independent candidate Nicușor Dan secured 20.99%, placing second. Speaking after the preliminary results were announced, Dan expressed cautious optimism about his prospects in the runoff but acknowledged the challenges ahead, noting the polarising political climate and Simion’s momentum.

Crin Antonescu, the candidate backed by the governing coalition, failed to progress to the next round and subsequently conceded defeat. However, he declined to state which of the remaining candidates he would endorse in the run-off election, leaving open questions about the potential alignment of centrist and centre-right votes in the next stage.

This incident marks the latest in a series of cyber operations attributed to pro-Russian actors targeting countries in Central and Eastern Europe, particularly during politically sensitive periods. Romanian authorities have not formally attributed the attack to the Russian state, but DDOSIA/NoName057 has previously expressed support for the Kremlin and aligned itself with similar campaigns against NATO member states.

The development follows broader patterns observed since the start of Russia’s full-scale invasion of Ukraine in 2022, where cyber tools have been increasingly deployed alongside traditional forms of political interference. Several EU member states have issued warnings regarding heightened cyber threats in the context of elections, critical infrastructure, and diplomatic institutions.

Romania is a member of both the European Union and NATO. Its government has consistently supported Ukraine and endorsed EU sanctions against Russia. The emergence of Simion as a leading candidate, coupled with external cyber interference, is likely to raise concerns among Western partners about the future trajectory of Romanian foreign and security policy.

The second round of the presidential election is scheduled to take place in two weeks. Authorities have not announced any new security measures following Sunday’s attacks but have indicated ongoing monitoring of potential threats.

Meanwhile, analysts suggest the cyberattack may have been aimed more at undermining public confidence and signalling political influence than at causing lasting damage. Nonetheless, the incident underscores persistent vulnerabilities in cyber defences and the strategic use of digital disruption by non-state actors with geopolitical motivations.
