Cyber Incident Victim: Court of Accounts of Moldova

On July 14, 2021, Moldova’s Court of Accounts, the government authority responsible for auditing public financial resources and ensuring compliance with international standards, suffered a destructive cyberattack. Threat actors hacked the agency’s website and destroyed critical public databases containing audit reports and other operational data. The attack occurred during a period of significant audit missions, including high-impact societal audits at the reporting and public disclosure stages. The Court of Accounts described this as the first such incident in the institution’s history, emphasizing the severity of the disruption. In response, the agency immediately shut down its website to contain the incident and initiated efforts to restore the lost data. Officials publicly confirmed the attack through Moldova’s state news agency, Moldpres, on July 15, 2021, while forensic investigations commenced to determine the attackers’ methods and objectives.

The destruction of public audit records hindered transparency and impeded the institution’s core mandate of overseeing government financial activities. The Court of Accounts launched an investigation to ascertain whether the attack was random, financially motivated through extortion, or a deliberate attempt to sabotage its operations. Although the primary impact involved data destruction, the agency acknowledged the potential for secondary threats, such as malware distribution to website visitors—a tactic previously observed in a separate incident involving Kazakhstan’s government budget portal. No evidence confirmed secondary payload deployment in this case. Recovery efforts focused on data restoration and securing systems, with no public disclosure of technical specifics regarding attacker entry points or infrastructure compromises. The incident underscored vulnerabilities in governmental audit institutions during critical reporting phases.