**Romania's National Oil Pipeline Firm Conpet Hit by Cyberattack**
Romania's national oil pipeline operator, Conpet, has fallen victim to a devastating cyberattack that has disrupted its business systems and temporarily knocked its website offline. The state-controlled company, which owns and operates the country's crude oil, condensate, and liquid petroleum product pipeline network, reported the attack on February 3, 2026.
According to Conpet's press release, the cyberattack impacted the company's business IT infrastructure, but fortunately, its operational technologies, including SCADA (Supervisory Control and Data Acquisition) systems and telecommunications networks, remained unaffected. The National Oil Transport System continues to operate normally without any disruptions or safety issues. Oil and fuel transport activities have also continued uninterrupted.
As a result of the incident, Conpet's website is currently inaccessible, but internal specialists are working closely with Romania's national cybersecurity authorities to investigate the incident and restore affected systems as quickly as possible. The company has filed a criminal complaint with Directorate for Investigating Organized Crime and Terrorism (DIICOT), Romania's organized crime and terrorism investigation directorate.
"CONPET S.A. informs about the fact that, on 03.02.2026, there was a cyber attack that affected the business IT infrastructure of the company," reads the press release published by Conpet. "We mention that the operational technologies (SCADA System and Telecommunication System) have not been affected, thus the basic activity of the society, consisting of the transport of oil and gasoline through the National Oil Transport System, operates in normal parameters and there are no synchronization in its operation."
The company has refused to provide technical details about the attack, but the ransomware group Qilin added Conpet to its Tor data leak site on February 5, 2026. The extortion group claims the theft of 1TB of sensitive data and published images of stolen data as proof of the hack.
Qilin ransomware operation has been active since 2022 and has become one of the most active RaaS (Ransomware-as-a-Service) groups in 2025, claiming over 40 victims monthly and peaking at 100 in June. Recently, researchers from Resecurity detailed how Qilin relies on global bulletproof hosting networks to support its extortion operations.
This incident is not an isolated one; other critical infrastructure operators in Romania have suffered ransomware attacks, including Romania's largest coal-based power producer Oltenia Energy Complex and Romanian energy supplier Electrica Group. The alliance between DragonForce, LockBit, and Qilin has marked a major shift in the cyber threat landscape, signaling a growing trend of collaboration among ransomware groups to enhance their attack capabilities.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon for more updates on cybersecurity news and threats.