Romanian Oil Pipeline Operator Conpet Hit by Qilin Ransomware Attack
Romania’s national oil pipeline operator, Conpet, confirmed a cyberattack on Tuesday that disrupted its corporate IT systems and took down its website. The company, which manages nearly 4,000 kilometers of pipelines transporting crude oil, gasoline, and other derivatives to refineries nationwide, stated that operational technologies including its SCADA and telecommunications systems remained unaffected, ensuring uninterrupted core operations.
In a Wednesday press release, Conpet acknowledged the incident but assured that it had not impacted its ability to meet contractual obligations. The company is working with Romanian cybersecurity authorities to investigate and restore affected systems. It also filed a criminal complaint with the Directorate for Investigating Organized Crime and Terrorism (DIICOT).
The Qilin ransomware gang has claimed responsibility, listing Conpet on its dark web leak site and alleging the theft of nearly 1TB of data, including financial documents and passport scans. The group, active since August 2022 under the "Agenda" Ransomware-as-a-Service (RaaS) model, has targeted nearly 400 victims, including major organizations like Nissan, Asahi, and Synnovis.
This attack follows a recent surge in cyber incidents targeting Romanian critical infrastructure, including ransomware strikes on Romanian Waters, Oltenia Energy Complex, Electrica Group, and over 100 hospitals earlier this year. Conpet has not yet disclosed further details on the breach.
Conpet TPRM report: https://www.rankiteo.com/company/conpet2023
Romanian Waters TPRM report: https://www.rankiteo.com/company/romanian-energy-center
Electrica Group TPRM report: https://www.rankiteo.com/company/societatea-nationala-nuclearelectrica-sa
"id": "conromsoc1770309414",
"linkid": "conpet2023, romanian-energy-center, societatea-nationala-nuclearelectrica-sa",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Energy/Oil & Gas',
'location': 'Romania',
'name': 'Conpet',
'type': 'Oil pipeline operator'}],
'data_breach': {'data_exfiltration': 'Alleged theft of nearly 1TB of data',
'personally_identifiable_information': 'Passport scans',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Financial documents',
'Passport scans']},
'date_detected': '2024-06-11',
'date_publicly_disclosed': '2024-06-12',
'description': 'Romania’s national oil pipeline operator, Conpet, confirmed a '
'cyberattack that disrupted its corporate IT systems and took '
'down its website. The Qilin ransomware gang claimed '
'responsibility, alleging the theft of nearly 1TB of data, '
'including financial documents and passport scans. Operational '
'technologies, including SCADA and telecommunications systems, '
'remained unaffected.',
'impact': {'data_compromised': 'Nearly 1TB of data',
'identity_theft_risk': 'High (passport scans exposed)',
'operational_impact': 'Disrupted corporate IT systems; no impact '
'on core operations',
'systems_affected': 'Corporate IT systems, website'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Nearly 1TB of data',
'ransomware_strain': 'Qilin (Agenda RaaS)'},
'references': [{'date_accessed': '2024-06-12',
'source': 'Conpet press release'}],
'regulatory_compliance': {'legal_actions': 'Criminal complaint filed'},
'response': {'communication_strategy': 'Press release',
'law_enforcement_notified': 'Directorate for Investigating '
'Organized Crime and Terrorism '
'(DIICOT)',
'recovery_measures': 'Restoring affected systems',
'third_party_assistance': 'Romanian cybersecurity authorities'},
'threat_actor': 'Qilin ransomware gang',
'title': 'Romanian Oil Pipeline Operator Conpet Hit by Qilin Ransomware '
'Attack',
'type': 'Ransomware'}