BusinessCybersecurityNewswireTechnologyWhat's Buzzing

Romania’s land registry hacked, stolen data reportedly for sale

▼ Summary

– A cyber attack, initially reported as a technical incident, disrupted Romania’s ANCPI e-Terra cadastre app on July 14, though ANCPI claims no data was compromised.
– The e-Terra application is expected to remain unavailable until the end of the current week, stalling ongoing real estate transactions.
– Adrian Vascu argued the outage reveals a lack of backup provisions in digitalized systems, which undermines trust and continuity.
– A threat actor named ByteToBreach claims to have stolen Romanian citizen data, GitLab source code, and deployed ransomware, providing screenshots as proof.
– ByteToBreach uses techniques like exploiting vulnerabilities, credential reuse, and brute force; their past claims have often been verified by affected organizations.

Romania’s National Agency for Cadastre and Land Registration (ANCPI) faced a severe operational breakdown on Tuesday, July 14, when its e-Terra cadastre and land registry application suddenly went offline for users.

Initially dismissed as a “major technical incident,” the disruption has now been officially classified as a cyber attack. While Romania’s competent state institutions are still investigating the circumstances, ANCPI has publicly stated that the data managed through its IT systems has not been compromised as a result of this incident.

Property transactions have ground to a halt due to the outage. In a Facebook post published on Wednesday, July 15, the agency estimated that “from the information we have at this time, most likely, the e-Terra application will not be available until the end of the current week.” The post continued, “We regret the situation created and assure you that our technical teams are making every effort to restore the functioning of the systems under safe conditions for all users, as soon as possible.”

ANCPI has promised to release updates as the investigation continues. But in the meantime, the outage has stalled real estate transactions already in progress, exposing a deeper vulnerability in the country’s digital infrastructure.

Adrian Vascu, Senior Partner at Romanian business advisory firm Veridio, argued in a LinkedIn post that the disruption exposes a fundamental flaw: digitalized systems built without backup provisions for when they inevitably fail. “A failure can happen at any time, but it is mandatory to ensure continuity or an alternative,” he wrote. “Digitalization quickly creates dependency, but it must also ensure trust.”

Meanwhile, a threat actor claims data theft and ransomware deployment. Dark Web Informer flagged that an individual operating under the alias “ByteToBreach” is attempting to sell data allegedly stolen from ANCPI on a dark web forum. The actor claims to have compromised data belonging to Romanian citizens and various ANCPI databases, made a copy of the agency’s GitLab servers and the source code contained within, and deployed ransomware. As proof, ByteToBreach provided screenshots taken during the intrusion.

ByteToBreach is known for selling data stolen from a variety of organizations around the world on DarkForums. According to cyber threat intelligence company KELA Cyber, “Based on ByteToBreach posts, he uses a mix of multiple technical approaches: Exploiting known vulnerabilities in cloud and corporate infrastructure, reusing stolen credentials harvested from infostealers and phishing, and at times resorting to brute force or misconfiguration based access to gain footholds. Once inside, the focus is data exfiltration – employee records, databases, backups, and sensitive documents that are later sold or leaked publicly to prove claims.” KELA added, “Several incidents included datasets that were later corroborated by affected organizations or contained verifiable technical artifacts, underscoring that many of the actor’s claims were not mere bluff.”

Given that track record, ByteToBreach’s claim may well be substantiated, but for now it remains unverified.

(Source: Help Net Security)

Topics

cyber attack 95% system outage 90% data theft claims 88% ransomware deployment 85% digitalization risks 82% threat actor profile 80% real estate impact 78% investigation ongoing 75% data security 73% dark web activity 70%