Romanian Government Cadastre (ANCPI) cyber attack / ransomware
The Romanian Government Cadastre agency (ANCPI) experienced a ransomware cyber attack in 2026. Initially described as a minor technical incident, ANCPI later acknowledged it as the most serious technical incident in its history. The attack was linked to the threat actor Bytetobreach, who had previously targeted Latvia State Forests. The incident involved unauthorized data uploads on dark web forums and was confirmed by ANCPI's official communications. No specific technical details about the ransomware or exploited vulnerabilities were provided.
AI Analysis
Technical Summary
In July 2026, the Romanian national cadastre agency ANCPI suffered a ransomware attack attributed to the threat actor Bytetobreach. The attack was initially downplayed but later recognized by ANCPI as a major security breach. The threat actor uploaded stolen data to dark web forums, indicating a data compromise alongside ransomware activity. The incident was publicly confirmed by ANCPI through official press releases. No detailed technical information about the ransomware variant, infection vector, or exploited vulnerabilities is available from the provided sources.
Potential Impact
The ransomware attack disrupted ANCPI's operations and resulted in unauthorized disclosure of data, as evidenced by data uploads on dark web forums. ANCPI described the incident as the most serious technical event in its history, implying significant operational and data security impact. There is no information on ransom payment, data recovery status, or further consequences.
Mitigation Recommendations
No official patch or remediation details are available. As this is an incident involving ransomware on an organizational network, remediation would typically involve incident response actions such as isolating affected systems, restoring from backups, and enhancing network defenses. However, no vendor advisory or official fix is provided. Patch status is not yet confirmed — check ANCPI's official communications for current remediation guidance.
Romanian Government Cadastre (ANCPI) cyber attack / ransomware
Description
The Romanian Government Cadastre agency (ANCPI) experienced a ransomware cyber attack in 2026. Initially described as a minor technical incident, ANCPI later acknowledged it as the most serious technical incident in its history. The attack was linked to the threat actor Bytetobreach, who had previously targeted Latvia State Forests. The incident involved unauthorized data uploads on dark web forums and was confirmed by ANCPI's official communications. No specific technical details about the ransomware or exploited vulnerabilities were provided.
Reddit Discussion
A very serious ransomware attack is underway on the networks of ANCPI, Romania’s national cadastre agency.
Our close monitoring of the threat actor Bytetobreach — who carried out a similar attack last month on Latvia State Forests — detected simultaneous uploads on dark web forums regarding this incident. These claims were later confirmed on ANCPI’s official website.
What was described as a “small technical incident” in yesterday’s press release has suddenly been recharacterized by ANCPI itself as “the most serious technical incident in the institution’s history.”
Sources :
https://www.ancpi.ro/ (official press releases)
https://pwnforums.st/Thread-DATABASE-RO-Thy-arss-shall-be-spanked-Romania-ANCPIhttps://spear.cx/Thread-Selling-RO-Thy-arss-shall-be-spanked-Romania-ANCPI
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
In July 2026, the Romanian national cadastre agency ANCPI suffered a ransomware attack attributed to the threat actor Bytetobreach. The attack was initially downplayed but later recognized by ANCPI as a major security breach. The threat actor uploaded stolen data to dark web forums, indicating a data compromise alongside ransomware activity. The incident was publicly confirmed by ANCPI through official press releases. No detailed technical information about the ransomware variant, infection vector, or exploited vulnerabilities is available from the provided sources.
Potential Impact
The ransomware attack disrupted ANCPI's operations and resulted in unauthorized disclosure of data, as evidenced by data uploads on dark web forums. ANCPI described the incident as the most serious technical event in its history, implying significant operational and data security impact. There is no information on ransom payment, data recovery status, or further consequences.
Mitigation Recommendations
No official patch or remediation details are available. As this is an incident involving ransomware on an organizational network, remediation would typically involve incident response actions such as isolating affected systems, restoring from backups, and enhancing network defenses. However, no vendor advisory or official fix is provided. Patch status is not yet confirmed — check ANCPI's official communications for current remediation guidance.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":38,"reasons":["external_link","newsworthy_keywords:ransomware","established_author","recent_news"],"isNewsworthy":true,"foundNewsworthy":["ransomware"],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a57ab8e68715ace43fd7076
Added to database: 07/15/2026, 15:47:26 UTC
Last enriched: 07/15/2026, 15:48:24 UTC
Last updated: 07/15/2026, 17:17:29 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.