Romania’s oil pipeline operator confirms cyberattack as hackers claim data theft

Romania’s national oil pipeline operator Conpet said a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier this week, adding that oil transport operations were not affected.

Conpet, which operates about 3,800 kilometers (2,360 miles) of pipelines supplying domestic and imported crude oil and petroleum products to refineries across Romania, said its operational technology systems, including its supervisory control and data acquisition (SCADA) and telecommunications systems, remained fully functional.

“The incident does not affect the operational activity, the stability of the company, or the ability of the entity to fulfill its contractual obligations,” the company said in a statement on Wednesday.

Conpet has not publicly identified the attackers or confirmed a data breach. However, the Qilin ransomware group earlier this week listed the company on its dark web leak site, claiming to have stolen nearly one terabyte of data. The group has also published images of alleged internal documents, financial records and passport scans.

Conpet said its specialists took immediate steps to mitigate the impact of the incident and are working with Romania’s national cybersecurity authorities to investigate and restore affected systems. The company also filed a criminal complaint. As of Friday, Conpet’s website remained inaccessible.

Qilin, a Russian-speaking ransomware-as-a-service operation active since 2022, emerged as one of the most destructive ransomware groups in 2025. The gang has previously targeted hospitals, government agencies, and private firms, including U.S. municipalities, Japanese beverage giant Asahi, and one of the largest newspaper chains in the United States. It has also claimed attacks on the governments of Malaysia and Palau.

Romania has faced a series of ransomware incidents in recent months. In December, an attack on the country’s national water management agency locked staff out of around 1,000 computers after attackers used Microsoft’s BitLocker encryption tool in an attempted ransom scheme. That same month, a ransomware attack hit Oltenia Energy Complex, Romania’s largest coal-based power producer, temporarily disrupting parts of its IT infrastructure.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
