Cyberattacks on infrastructure seem to be becoming a part of daily life. The latest one hit the Romainian water management authorities, taking around 1,000 computers down, affecting 10 of the country's 11 regional offices with hostile data encryption (ransomware).
No criminal group has yet claimed the action, but the attackers left a message demanding the institution contact them in seven days. The affected management systems include email, web services, databases, and Geographic Information Systems. Predictably, Windows workstations and domain name servers were also hit.
Thankfully, Romania's taps still flow freely, as no actual water control systems were reportedly affected, and that "[control] activity [is] carried out within normal parameters, through dispatches and voice communications." That's better luck than Denmark had in 2024, when a similar infrastructure attack resulted in actual burst pipes.
Romania's National Directorate for Cyber Security (DNSC) says that the attack vector remains unidentified, but that the data encryption was performed using Windows' own BitLocker rather than some more esoteric tool. The DNSC and the Romanian Intelligence Service are investigating the matter and attempting to restore the infrastructure's systems, though no further details have yet emerged.
Although this latest attack hasn't been claimed by any particular group, at first sight it appears to follow the general pattern of similar attacks on western nations' infrastructure, in what some European countries have described as a "hybrid war."
Just last week, Denmark formally accused Russia of two cyber-attacks on its infrastructure. In 2024, the pro-Russian Z-Pentest hit Danish water control systems, managing to change water pressure and burst three pipes in Køge, south of Denmark, leaving 500 homes without water for a few hours. And in 2025, another pro-Russian group NoName057(16) executed a distributed denial-of-service attack on Danish websites ahead of elections. Germany took a similar stance earlier this month, attributing an attack on Germany's air traffic control systems in 2024 to the Russian Fancy Bear group.
Regardless of who's behind the attack, most any systems administrator will tell you that unfortunately, cyber-security is by default one of the lowest-priority items on any installation, and generally seen as as an obstacle to work. Lessons are almost always only learned when an attack lands, and even then, they're often quickly forgotten. Perhaps the silver lining of these recent cyber-attacks is increased public awareness.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.
A country with properly prepared secret services shouldn't have trouble mitigating this. Romania is also home to Bitdefender. One would think they'd get involved with securing vital systems in the country.
