The article describes two major cyber incidents in Romania that happened during the late-December holiday period and appear connected by timing and target selection. First, Romania’s national water authority (Romanian Waters) was hit starting December 20, 2025, with the impact spreading across most regional units and affecting roughly 1,000 IT systems. The disruption hit “office” and business technology—servers, workstations, email, web, and related services—while officials said operational water-control systems were not affected, meaning water operations continued. The attackers reportedly encrypted files and left ransom notes, and the agency had to rely on alternative channels for updates because its website was taken offline.

A few days later, on December 26, 2025, Romania’s largest coal-based power producer (Oltenia Energy Complex) reported a ransomware attack attributed to a group known as “Gentlemen,” which encrypted files and knocked out key business applications such as ERP (core internal management software), document systems, email, and the company website. The company said it isolated affected systems, notified national authorities, and began rebuilding from backups, while assessing whether any data was leaked; it also stated that the national energy system kept functioning. The article argues that, even though the water and energy attacks used different methods (including BitLocker “built-in” encryption in the water case), both were aimed at critical utilities’ administrative IT layers during a period of reduced staffing—suggesting a deliberate campaign rather than coincidence.

Source: https://industrialcyber.co/critical-infrastructure/romanian-water-authority-energy-producer-hit-by-cyber-attacks-in-apparent-coordinated-holiday-campaign/