Several pro-Russia hacker groups have allegedly carried out a massive Distributed Denial-of-Service (DDoS) attack in Romania on June 18, 2024. The Romania Cyberattack has affected critical websites, including the official site of Romania and portals of the country’s stock exchange and financial institutions. The attack was allegedly conducted by NoName in collaboration with the Russian Cyber Army, HackNet, and CyberDragon and Terminus. The extent of the damage, however, remains unclear.

Details About Romania Cyberattack

According to NoName, the cyberattack was carried out on Romania for its pro-Ukraine stance in the Russia-Ukraine war. In its post on X, NoName claimed, “Together with colleagues shipped another batch of DDoS missiles to Romanian government websites.” The threat actor claimed to have attacked the following websites:

• The Government of Romania: This is not the first time that the country’s official site was hacked. In 2022, Pro-Russia hacker group Killnet claimed to have carried out cyberattacks on websites of the government and Defense Ministry. However, at that time, the Romania Government claimed that there was no compromise of data due to the attack and the websites were soon restored.
• National Bank of Romania: The National Bank of Romania is the central bank of Romania and was established in April 1880. Its headquarters are in the capital city of Bucharest.
• Aedificium Bank for Housing: A banking firm that provides residential lending, home loans, savings, and financing services. It was founded in 2004 and has branches in the European Union (EU), and Europe, Middle East, and Africa (EMEA).
• Bucharest Stock Exchange: The Bucharest Stock Exchange is the stock exchange of Romania located in Bucharest. As of 2023, there were 85 companies listed on the BVB.

Despite the bold claims made by the NoName group, the extent of the Romania cyberattack, details of compromised data, or the motive behind the attack remain undisclosed. A visual examination of the affected organizations’ websites shows that all the listed websites are experiencing accessibility issues. These issues range from “403 Forbidden” errors to prolonged loading times, indicating a probable disruption or compromise. The situation is dynamic and continues to unravel. It is imperative to approach this information cautiously, as unverified claims in the cybersecurity world are not uncommon. The alleged NoName attack highlights the persistent threat of cyberattacks on critical entities, such as government organizations and financial institutions. However, official statements from the targeted organizations have yet to be released, leaving room for skepticism regarding the severity and authenticity of the Romania cyberattack claim. Until official communication is provided by the affected organizations, the true nature and impact of the alleged NoName attack remain uncertain.

Romania Cyberattacks Are Not Uncommon

This isn’t the first instance of NoName targeting organizations in Romania. In March this year, NoName attacked the Ministry of Internal Affairs, The Service of Special Communications, and the Central Government. In February, Over a hundred Romanian healthcare facilities were affected by a ransomware attack by an unknown hacker, with some doctors forced to resort to pen and paper.

How to Mitigate NoName DDoS attacks

Mitigation against NoName’s DDoS attacks require prolonged cloud protection tools and specialized software and filtering tools to detect the flow of traffic before it can hit the servers. In some cases, certain antivirus software can be successful in detecting threats that can be used by organizations to launch DDoS attacks. A robust and essential cyber hygiene practice to avoid threats includes patching vulnerabilities and not opening phishing emails that are specially crafted to look like urgent communications from legitimate government organizations and other spoofed entities. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A notorious Chinese hacking group has reportedly gone on a cyber offensive against South Korea and targeted most of the country’s Government and financial sites. The CyberDragon hacking group has a mixture of Chinese and Russian ties and has been critically targeting countries that have been condemning Russia for the ongoing war in Ukraine. South Korea President Yoon Suk Yeol had recently confirmed his country's participation in a Ukraine peace summit in Switzerland this weekend to rally support for the country ending its war with Russia. Last year, Seoul had increased its Ukraine Aid package to $394 Million For 2024.

Government, Financial Sites Attacked by CyberDragon Hacking Group

Irked by its support being garnered against Russia, CyberDragon launched an extensive cyberattack on key South Korean sites and criticized the country for its alleged promotion of Russophobia. In its post on darkweb, CyberDragon said, “We are joining the “South Korean Company”. This is a country that has long been promoting Russophobia by supporting the Kyiv regime.” The list of websites reportedly targetted by CyberDragon include: Shinhan Financial Group: It was founded in September 2001 and is one of South Korea's big five financial groups. Its subsidiaries provide a full range of financial services, including banking, securities, life insurance, and investment banking. State Korean Import-Export Bank KEXIM:  The Export-Import Bank of Korea, also commonly known as the Korea Eximbank (KEXIM), is the official export credit agency of South Korea. The bank was first established in 1976. Its primary purpose is to support South Korea's export-led economy by providing loans, financing mega projects and thereby facilitating economic cooperation with other countries. [caption id="attachment_77014" align="alignnone" width="1600"] Home Page of Korea Eximbank[/caption] Korea Customs Service: The Korea Customs Service was established in 1970 and is one of tax organizations in South Korea and is run under the Ministry of Economy and Finance. The headquarters is in Seo District, Daejeon. Korean National Police: The Korean National Police Agency (KNPA), also known as the Korean National Police (KNP), is one of the national police organizations in South Korea. It is run under the Ministry of the Interior and Safety and is headquartered in Seodaemun, Seoul. National Tax Service: It is the tax organization in South Korea and is run under the Ministry of Economy and Finance. Its headquarters is in Sejong City. Like many of the previous attacks carried out by the Cyberdragon hacking group, it is unclear if sensitive data of the organisations listed above was compromised. Prima Facie, it looks like the group carried out a DDoS attack meant to disrupt the platform’s services. None of the organizations have publicly responded to the alleged breach. Most of the organizations too seem to have restored the functioning of its websites, hours after the group claimed to have carried out a cyberattack.

Previous Operations by CyberDragon Hacking Group

The CyberDragon group gained popularity after it took down the website and app for almost 24 hours after a massive data breach in March 2024. CyberDragon had then posted evidence of the attack on its TOR platform but LinkedIn didn’t comment on the attack. The peculiar hacking actor has both Chinese and Russian ties. It carries out cyberattacks with many pro-Russian hackers and most of its statements are posted in Russian. Both China and Russia are global allies and the targets of CyberDragon indicate their ideological and political affiliations. This scenario is, however, not new in the cybercrime world. Organizations around the world must deal with the fallout of cyberattacks by groups like CyberDragon. Their attacks indicate why it is crucial to remain vigilant and implement stringent security measures against cyberattacks.