Romania’s national oil pipeline operator, Conpet, has confirmed that it was the victim of a significant cyberattack that disrupted core business systems and temporarily took its corporate website offline on Tuesday. The company said its operational systems remained intact, but the breach has raised fresh concerns about cybersecurity risks facing critical infrastructure sectors.

IT Systems Disrupted, Website Offline

In an official press release this week, Conpet acknowledged that a cyberattack affected its internal business infrastructure, forcing the company to shut down access to its website while it works to restore systems. Despite the incident, the operator said that its core pipeline operations continued without disruption and that it has been able to meet contractual obligations for crude oil and derivative deliveries across Romania.

The operator, which manages nearly 4,000 km of pipelines transporting crude oil and products such as gasoline and ethane to refineries nationwide, emphasized that operational technology systems — including SCADA (Supervisory Control and Data Acquisition) and telecommunications — were not impacted by the breach.

Qilin Ransomware Group Takes Credit

While Conpet has not officially disclosed the specific nature of the attack, the Qilin ransomware gang has claimed responsibility, adding the company to its dark-web leak site and asserting that it exfiltrated nearly 1 terabyte of internal documents from Conpet’s compromised systems. Among the proof allegedly published by the group are photos of financial documents and scans of passports believed to belong to Conpet staff.

Qilin is considered one of the more prolific ransomware-as-a-service (RaaS) operations, having emerged in 2022 and been linked to hundreds of victims globally — including major corporations and public-sector entities.

Official Response and Ongoing Investigation

Romanian authorities are now involved in the incident response. Conpet reported the attack to the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and has filed a criminal complaint. The company is also working with national cybersecurity agencies to investigate the breach and restore affected systems.

Efforts to reach Conpet for further comment were not immediately successful at the time of reporting.

Broader Context of Cyber Threats in Romanian Infrastructure

This incident is the latest in a series of cyberattacks targeting critical infrastructure in Romania. In recent months, the Romanian water management authority and the Oltenia Energy Complex, the country’s largest coal producer, suffered ransomware incidents. Earlier breaches in the energy sector include attacks on Electrica Group and a wide-scale ransomware incident that disrupted hundreds of hospital systems.

Such incidents underscore the growing vulnerability of vital service sectors to increasingly sophisticated ransomware operations — a trend that experts say reflects broader global challenges in defending interconnected industrial and IT systems.