Romanian Oil Pipeline Operator Hit by Cyberattack, Transport Operations Secure
Romania’s national oil pipeline operator, Conpet, announced Wednesday that it has fallen victim to a cyberattack, marking the latest in a series of digital strikes against the nation’s critical energy infrastructure.
The breach targeted the company’s corporate IT systems and briefly disabled its public website. Despite the disruption to business networks, Conpet officials confirmed that the core technology managing the country’s vast energy artery remains unscathed.
Conpet manages a network of nearly 4,000 kilometers (approximately 2,500 miles) of pipelines. This infrastructure is vital for moving domestic and imported crude oil, gasoline, and petroleum derivatives to refineries across the country.
In a public statement, the company emphasized that the "transport of crude oil and fuel through the national pipeline system was not disrupted."
The systems responsible for supervising pipeline flows and telecommunications networks were isolated from the breach and continued to function normally.
While the physical flow of oil remains steady, the company’s data security faces a significant challenge.
The ransomware group Qilin, which surfaced in 2022, has claimed responsibility for the attack. The group added Conpet to its dark web leak site, alleging the exfiltration of nearly one terabyte of sensitive data.
To pressure the operator, Qilin published samples of the stolen material, which reportedly include financial records and passport scans.
Conpet has not commented on the specific volume of data lost but has filed a formal criminal complaint with Romania’s Directorate for Investigating Organised Crime and Terrorism.
The incident highlights a persistent trend in Eastern Europe, where corporate IT "front offices" are targeted even when the "back end" industrial controls are secure.
Over the past year, Romania has seen similar ransomware strikes against water authorities, energy producers, and hospitals.
Conpet is currently working with national cybersecurity authorities to investigate the breach and restore its public-facing web services.