Romania’s national oil pipeline operator Conpet hit by cyberattack, website taken offline

Conpet, Romania’s national oil pipeline operator, disclosed that a cyberattack disrupted its corporate IT systems and took its website offline on Tuesday, prompting an investigation involving national cybersecurity authorities and prosecutors, while pipeline operations continued without interruption.

The company said the incident affected its business IT infrastructure but did not impact operational technologies or the transport of crude oil and petroleum products through the National Oil Transport System. Conpet confirmed that its supervisory control and data acquisition systems and telecommunications infrastructure remained fully functional, allowing it to meet all contractual obligations.

Conpet operates nearly 4,000 kilometers of pipelines that supply domestic and imported crude oil and derivatives, including gasoline and liquid ethane, to refineries across Romania. The company emphasized that the cyberattack did not disrupt the physical transport of oil or fuel products.

As a result of the incident, Conpet’s website became inaccessible and remained offline as restoration efforts continued. The company said it is working to recover affected systems and determine the scope and cause of the attack with assistance from national cybersecurity authorities.

Conpet also notified the Directorate for Investigating Organized Crime and Terrorism and filed a criminal complaint in connection with the incident.

While the company has not disclosed technical details about the nature of the cyberattack, a ransomware group known as Qilin claimed responsibility and listed Conpet on its dark web leak site. The group asserted that it exfiltrated nearly one terabyte of data from the company’s systems and released images of internal documents, including files containing financial information and passport scans, as evidence of the breach.

Qilin emerged in August 2022 as a ransomware-as-a-service operation originally known as Agenda and has since claimed responsibility for hundreds of attacks globally against organizations across manufacturing, energy, publishing, automotive and public sector industries.

The attack on Conpet adds to a series of recent ransomware incidents targeting critical infrastructure and public services in Romania. In December, Romanian Waters, the national water management authority, and Oltenia Energy Complex, the country’s largest coal-based power producer, were both hit by ransomware. Earlier incidents included a breach at a major electricity supplier in late 2024 and a widespread attack in February 2024 that disrupted healthcare management systems at more than 100 hospitals nationwide.