Romania’s presidential election interference
Overview
During Romania’s 2024 presidential election period (November–December 2024), Romanian authorities identified a large-scale interference campaign targeting government institutions, election infrastructure and the online information environment. The activity involved thousands of cyberattacks on government systems alongside coordinated online influence campaigns aimed at shaping public opinion during the election period. Romanian authorities assessed that the activity was likely linked to Russian actors and formed part of a broader pattern of hybrid interference targeting democratic processes across Europe.
Incident
During Romania’s 2024 presidential election period, Romanian authorities reported over 85,000 cyberattacks targeting government institutions and election-related infrastructure. These included attempts to access government systems and disrupt public websites connected to the electoral process. At the same time, a large-scale online influence campaign took place across social media platforms, particularly TikTok, where political content supporting candidate Călin Georgescu was widely promoted through coordinated online networks. The sudden rise in Georgescu’s online popularity raised concerns about coordinated foreign influence in the election campaign. The interference activity combined cyberattacks targeting government systems with information operations aimed at influencing public opinion during the election period.
Impact
The election process continued without physical disruption, but the incident increased political tension and concerns about election integrity and foreign interference. Romanian authorities were forced to respond with cybersecurity investigations and protective measures during the election period. The incident also contributed to broader European concerns about hybrid threats targeting democratic elections and public information environments.
Attribution
Romanian authorities assessed that the interference campaign was likely linked to Russian actors and was consistent with previous Russian hybrid interference operations targeting European elections. The combination of cyber activity and coordinated information campaigns reflects methods commonly associated with Russian hybrid tactics. NeverthelessHowever, attribution in such incidents remains difficult, particularly for influence operations, and responsibility is often assessed based on behavioural patterns and strategic interests rather than definitive public proof.
Lessons
This incident highlights the vulnerability of democratic elections to hybrid interference through cyberattacks and coordinated online influence campaigns. It shows how elections can be targeted by influencing public opinion and undermining trust in democratic processes rather than through physical disruption. The UK Foreign Affairs Select Committee chair, Emily Thornberry, has cited this incident as a reminder that “we cannot be complacent” and may be “next”.
The case reflects a wider pattern of interference targeting democratic institutions across Europe, andhighlighting the need for greater resilience and preparedness against hybrid threats aimed at undermining democratic stability. This incident demonstrates that defending democracy now requires more than state action - it demands a unified societal effort to safeguard information ecosystems, and reduce vulnerability to hybrid warfare. The UK Foreign Affairs Select Committee chair has cited this incident as a reminder that “we cannot be complacent” and may be “next”.