Russia accused of cyber attacks on Romania

Politics - August 11, 2023

The head of Cyberint Romania, Romanian Intelligence Service General Anton Rog, recently returned to the public eye with statements about the cyber attacks Russia has allegedly launched on Romania since the invasion of Ukraine. The statements were made during a discussion with the public on an online platform – StakeBorg – and were picked up by the entire Romanian press, which has been questioning General Anton Rog in recent times on issues related to cyber attacks against Romanian state institutions and media entities. What is worth mentioning is that the topic of Russian cyber attacks was only one of the “burning” issues addressed in the StakeBorg discussions. The second topic – which concerned the involvement of the Romanian Intelligence Service in the upcoming elections in Romania next year – was treated without any hesitation by the SRI general, even though it concerns the sensitive subject of the provisions of the cyber security law.

FSB, SVR and GRU attacked Romanian state institutions with malware

Cyberint chief Gen. Anton Rog, who is now announcing that the FSB, SVR and GRU have attacked Romanian state institutions with malware, is the one who, some time ago, revealed that Russia and China are just some of the countries that have launched cyber attacks in recent years that have also affected Romania. Anton Rog also recently stated that the Russian Federation had prepared a cyber attack last year on the modems used to connect to the Viasat satellite system, an attack that affected Romania, among other countries. The head of Cyberint also revealed, in an interview with Digi24, his views on the hacker group Killnet, which he said is a pro-Russian group whose members defend Moscow’s interests, adding that there is information that it includes Romanian citizens.

According to Anton Rog, the Romanian Intelligence Service (SRI) is combating these attacks based on the new cyber security strategy, which has a classified annex containing offensive measures against hackers. The linking of the two topics in the SRI general’s recent outburst on the StakeBorg YouTube channel – cyber attacks by Russian intelligence services and the SRI’s “bare-knuckle” application of cyber security law – is odd, to say the least. The statements also come shortly after the resignation of SRI chief Eduard Hellvig, so, according to Bogdan Manolea, executive director of the Association for Technology and the Internet (ATI), quoted by Europa Liberă, they could be interpreted as meaning that the secret service plans to take advantage of the vagueness of the cyber security law to get involved in the upcoming elections.

Romanian websites running disinformation campaigns could be shut down

In short, Anton Rog claimed that the SRI will eliminate hybrid “threats” coming from some sites by simply “taking them down”. If a political party is carrying out hybrid actions, disinformation campaigns that change the constitutional order, i.e. influence elections, then “we use all the means and force available to an intelligence service to eliminate that threat,” the Romanian Intelligence Service general said.

According to General Rog, Russian malware attacks have been going on for some time and have been “attributed” to the three intelligence services: the internal FSB, the external SVR and the Russian Army’s GRU.

“All three Russian intelligence services, FSB, GRU and SVR, have been attacking important institutions in the Romanian government with a complex Advanced Persistent Threat (APT) malware. It’s a malware that doesn’t make noise, that stays very long in networks, that has some extremely innovative ways of stealing data and that stays there for a very long time,” said Anton Rog.

Prior to the outbreak of the conflict in Ukraine, only two Russian intelligence services attempted to attack government institutions in Romania. After the outbreak of the war, a third intelligence service, the SVR, was identified as having attacked Romania’s information security. 

“Before the war in Ukraine started, there were two services buzzing us in one – the GRU with APT28 and the FSB with much more complex malware. The GRU is noisier, it’s from the military. The FSB is classier and with more complex malware. Since the war started, the SVR came along, with APT29. Advanced Persistent Threat is a cybercrime group funded and coordinated by an intelligence service, the state. We call it in the vernacular of state actor,” he explained.

“Most often we do technical attribution, i.e. we analyse the malware, analyse the modus operandi and give a percentage from which we say the degree of similarity. The most complicated thing from that point of view is attribution. We ended up with a Romanian state institution where these three services work competitively, where all three are there at the same time, with APTs”, said the general.

Anton Rog said, without giving specifics, that it is a ministry in the Romanian government from which all Russian intelligence services are trying to steal data. Rog explained that the malware steals data by attaching it to photos or videos that are then posted on the Internet from the work computer.

“The photos and videos still open, they can be viewed, if you are experienced you can see they are larger than normal, but that’s the only clue. And that’s how you send photos to various accounts and with them goes the data. It’s almost impossible to tell. What’s more, when Russian, but not only Russian, but also Chinese actors penetrate a network, they also manage the network, i.e. they optimise it so that everything works well, so that everything is normal. And the quality of their administration is better than the one of local administrators. The goal is to stay under the radar, because we are talking about cyber espionage,” explained the SRI general.

According to Rog, last year the Russian Federation prepared a cyber attack on the modems connecting to the Viasat satellite system, aiming to disrupt communications, especially for the Ukrainian military. The attack affected almost half of European countries, including Romania, and the whole of Eastern Europe: the countries concerned are Poland, Hungary, the Czech Republic and the Baltic States, and it even affected Germany and the Netherlands.

“They were not precise and they affected about half of Europe, including Romania, the whole eastern part – Poland, Hungary, Czechia, Baltic states, Germany, even as far as the Netherlands,” the Cyberint chief said.

“We had technical data and were able to make the attribution that it was the Russian Federation that carried out this attack,” Rog said in an earlier statement released to the public.

Russian cyber attacks on NATO countries have increased exponentially 

Russian cyber attacks have increased by 300% in North Atlantic Treaty Organisation (NATO) member countries over the past year compared to 2020 and by 250% in Ukraine, according to data revealed in a study for Google cited by AFP. 

“Cyber operations by Russian government-backed attackers have become increasingly powerful during 2021, ahead of the Russian invasion” of Ukraine on the 24th of February 2022, notes the report by cybersecurity firm Mandiant, which was recently taken over by Google Cloud for integration into the US giant’s Threat Analysis Group (TAG).

“In 2022, Russia boosted its targeting of users in Ukraine by 250% compared to 2020. Targeting of users in NATO member countries increased by more than 300% during the same period. It is clear that cyber (technology), will now play an integrated role in future armed conflicts in support of traditional forms of warfare,” the report states.

Malware written by malicious actors, with Artificial Intelligence, is much more powerful

With Artificial Intelligence (AI) increasingly present in our lives, Anton Rog believes its use needs to be much better regulated. In this context, he gave examples of how AI has proved its danger.

“Artificial intelligence is very present. Who thinks we’re talking about it growing in the future… No, it’s already there. It needs to be much better regulated. It’s super-present in our lives and all those conveniences that we feel on smart devices on our phones happening to us. They all have Artificial Intelligence in them. It helps us detect malware faster, prioritise threats, automate processes, analyse large volumes of data and reduce human error. Malware written by malicious actors, with AI, is much more powerful. The complexity of malware developed with Artificial Intelligence has greatly increased, as have the systems in which such malware is created. There is something called Intrusion Detection System. One researcher did an experiment and asked a chat: ‘Please generate me a code for a computer program that will not be detected by the EDR (Endpoint Detection and Response) of this company’. In five minutes, he generated it, tested it in the lab and the EDR didn’t detect it. I want you to understand that the impact is devastating. It’s something we can’t imagine at the moment. That’s why I think it has to be very well regulated. There was another experiment in the United States where an operator launched a missile and asked for AI-based control that, whatever it was, the missile would reach its target. When he wanted to intervene, to change the trajectory, the Artificial Intelligence with sensors simply threatened his life, i.e. it wanted to electrocute him, to generate voltages,” Anton Rog warned at a specialist conference.

In mid-June, the European Parliament adopted its negotiating position on the Artificial Intelligence (AI) Act, giving the “green light” to rules aimed at ensuring safe and transparent AI by 499 votes to 28 with 93 abstentions. The rules follow a risk-based approach and set out the obligations for providers and implementers of AI systems according to the level of risk that AI can present.

Anton Rog is head of the National Cyberint Centre of the Romanian Intelligence Service (SRI). Cyberint is responsible for conducting 24/7 activities to proactively discover, characterise and counter cyber threats to systems and networks critical to Romania’s national security. Anton Rog has held various technical development positions, including software and systems design. He has also served as Deputy Director in the central IT&C department of SRI.