CONPET , Romania’s state-controlled national oil pipeline operator, said a cyberattack disrupted its business IT infrastructure but did not affect operational technologies such as the SCADA and Telecommunication systems, with the National Oil Transport System continuing to operate normally.
The company noted the incident was detected on 3 February 2026 and that its website is currently inaccessible while internal specialists implement mitigation measures and cooperate with Romania’s national cybersecurity authorities to restore affected systems. A criminal complaint was filed with DIICOT on the same day, and Conpet emphasised that its core transport activities remained functional and not at risk.
The ransomware group Qilin added Conpet to its Tor data leak site on 5 February 2026, claiming the theft of 1TB of sensitive data and publishing images as proof of the hack. Security researchers have traced links to broader Romanian infrastructure incidents, with Qilin described as an active RaaS group, and a notable alliance forming earlier to bolster attack capabilities.