Conpet, Romania’s national oil pipeline operator, said in a press release on Wednesday that a cyberattack on Tuesday disrupted its corporate IT systems and took down its website while transport operations continued normally.
KEY FACTS
- Incident Corporate IT systems disrupted and the website was made inaccessible
- Operational impact SCADA and telecommunications systems not affected and transport operations continued
- Data claim The company was added to a Qilin dark web leak site with files posted as proof
- Authorities DIICOT notified and a criminal complaint filed
The operator manages nearly 4,000 kilometres of pipeline supplying crude and derivatives to refineries across Romania. The disclosure indicates core transport activity through the national oil transport system continued without interruption.
Operational technologies such as the SCADA system and telecommunications were reported as unaffected. Business and corporate IT infrastructure were the elements identified as disrupted and are being restored with support from national cybersecurity authorities.
The Qilin ransomware gang appears on a dark web leak site associated with the incident. Files posted include an assertion of nearly 1TB of documents and more than a dozen photos of internal documents plus passport scans presented as proof.
Authorities including the Directorate for Investigating Organized Crime and Terrorism were notified and a criminal complaint filed. The company is investigating the incident and working to restore affected systems while continuing to meet contractual obligations.
WHY IT MATTERS
The incident shows a ransomware group posting alleged stolen data from a major national infrastructure operator while transport operations remained intact. It increases scrutiny on corporate IT security and incident response for critical infrastructure firms.