Attacks and Vulnerabilities Control device security Critical infrastructure Industrial Cyber Attacks Malware, Phishing & Ransomware Mining, Oil & Gas News Secure Remote Access Supply Chain Security System Design & Architecture Threat Landscape Vulnerabilities Romania’s oil pipeline operator Conpet targeted in cyberattack, as Qilin alleges 1TB data breach February 06, 2026 Conpet, Romania’s national oil pipeline operator, said on Feb. 3 it was targeted by a cyberattack that disrupted its corporate IT infrastructure and took its website offline. The company said the incident did not affect oil transport operations or its ability to meet contractual obligations, noting that OT (operational technology) systems, including SCADA (supervisory control and data acquisition) and telecommunications, remained fully functional. This comes as Qilin said that it had added Conpet to its dark web leak site, claiming to have stolen nearly one terabyte of data and publishing images of alleged internal documents, financial records, and passport scans. The company has not disclosed details on the nature of the attack or data breach, although threat actors have claimed data theft. On Thursday, the Russia-based Qilin ransomware group wrote in a message posted on X, formerly Twitter, added Conpet to its dark web leak site, claiming it had exfiltrated nearly one terabyte of data. The group has also posted images it says show internal documents, financial records, and scanned passports. In October, Qilin claimed responsibility for a data breach at Asahi Group Holdings that reportedly forced the company to suspend orders, shipments, and customer service. Conpet operates nearly 3,800 kilometers of pipelines supplying domestic and imported crude oil and petroleum products to refineries across Romania. “We mention that the operational technologies (SCADA System and Telecommunication System) have not been affected, thus the basic activity of the society, consisting of the transport of oil and gasoline through the National Oil Transport System, operates in normal parameters and there are no synchronization in its operation,” Conpet Communication and Public Relations Service wrote in a Facebook post. “As a result of this incident, the company’s website www.conpet.ro cannot be accessed during this period.” It added, “Our company’s specialists have taken immediate steps to mitigate the effects of this incident and are constantly working with representatives of national cybersecurity authorities to investigate the incident and quickly restore the affected infrastructure. Also, on the same day, the society also submitted the Directorate for Investigation of Organized Crime and Terrorism (DIICOT), filing a criminal complaint regarding the incident.” Conpet states that the current situation does not affect the operational activity, company stability, or its ability to fulfill its contractual obligations. Last October, Comparitech reported that Qilin had reached its 700th ransomware attack of 2025, cementing its status as the most prolific ransomware operator in recent years. According to the research firm, just ten months into the year, Qilin had already eclipsed the previous year’s most active strain, RansomHub, which claimed 547 victims throughout 2024. The gang’s primary targets include manufacturers , financial firms, retailers, healthcare providers , and government agencies, critical sectors where system encryption or data theft can cause severe disruption and put data subjects at risk. The Conpet disclosure comes as Russia’s state-aligned cyber operations against European critical infrastructure have grown more pronounced and diversified, revealing an evolving strategic approach. Security authorities in Latvia highlight that hostile Russian cyber activity remains a major threat to industrial control systems throughout Europe and the West. These operations aim to disrupt vital services, create instability, and retaliate for political backing of Ukraine, with OT networks identified as especially at risk. Analysts attribute destructive malware attacks on Poland’s electricity grid to the Sandworm APT, a group with a lengthy record of disruptive campaigns, including data‑wiping assaults that jeopardized energy sector communications in late 2025. At the same time, newly formed hacktivist collectives such as the self‑proclaimed ‘Russian Legion’ have publicly threatened large‑scale attacks against Denmark’s critical sectors, blending distributed denial‑of‑service (DDoS) assaults with political propaganda to coerce Western governments. Anna Ribeiro Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.