Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Romanian Government Cadastre (ANCPI) cyber attack / ransomware

0
Medium
Published: 07/15/2026 (07/15/2026, 14:24:15 UTC)
Source: Reddit Cybersecurity

Description

The Romanian Government Cadastre agency (ANCPI) experienced a ransomware cyber attack in 2026. Initially described as a minor technical incident, ANCPI later acknowledged it as the most serious technical incident in its history. The attack was linked to the threat actor Bytetobreach, who had previously targeted Latvia State Forests. The incident involved unauthorized data uploads on dark web forums and was confirmed by ANCPI's official communications. No specific technical details about the ransomware or exploited vulnerabilities were provided.

Reddit Discussion

r/cybersecurity·posted by u/Fit_Asidy
00

A very serious ransomware attack is underway on the networks of ANCPI, Romania’s national cadastre agency.

Our close monitoring of the threat actor Bytetobreach — who carried out a similar attack last month on Latvia State Forests — detected simultaneous uploads on dark web forums regarding this incident. These claims were later confirmed on ANCPI’s official website.

What was described as a “small technical incident” in yesterday’s press release has suddenly been recharacterized by ANCPI itself as “the most serious technical incident in the institution’s history.”

Sources :

https://www.ancpi.ro/ (official press releases)
https://pwnforums.st/Thread-DATABASE-RO-Thy-arss-shall-be-spanked-Romania-ANCPIhttps://spear.cx/Thread-Selling-RO-Thy-arss-shall-be-spanked-Romania-ANCPI

Also discussed in: r/hacking

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/15/2026, 15:48:24 UTC

Technical Analysis

In July 2026, the Romanian national cadastre agency ANCPI suffered a ransomware attack attributed to the threat actor Bytetobreach. The attack was initially downplayed but later recognized by ANCPI as a major security breach. The threat actor uploaded stolen data to dark web forums, indicating a data compromise alongside ransomware activity. The incident was publicly confirmed by ANCPI through official press releases. No detailed technical information about the ransomware variant, infection vector, or exploited vulnerabilities is available from the provided sources.

Potential Impact

The ransomware attack disrupted ANCPI's operations and resulted in unauthorized disclosure of data, as evidenced by data uploads on dark web forums. ANCPI described the incident as the most serious technical event in its history, implying significant operational and data security impact. There is no information on ransom payment, data recovery status, or further consequences.

Mitigation Recommendations

No official patch or remediation details are available. As this is an incident involving ransomware on an organizational network, remediation would typically involve incident response actions such as isolating affected systems, restoring from backups, and enhancing network defenses. However, no vendor advisory or official fix is provided. Patch status is not yet confirmed — check ANCPI's official communications for current remediation guidance.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":38,"reasons":["external_link","newsworthy_keywords:ransomware","established_author","recent_news"],"isNewsworthy":true,"foundNewsworthy":["ransomware"],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a57ab8e68715ace43fd7076

Added to database: 07/15/2026, 15:47:26 UTC

Last enriched: 07/15/2026, 15:48:24 UTC

Last updated: 07/15/2026, 17:17:29 UTC

Views: 4

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses