Romanian prosecutor general this week said investigators uncovered a large, coordinated hybrid campaign that sought to skew the 2024 presidential vote in favor of a pro-Russian candidate. He linked the campaign to a web of AI-generated disinformation, bot farms and cyberattacks that was designed to influence the elections and sparked criminal charges.
Prosecutor General Alex Florența told reporters the campaign combined “cyberattacks, measures to destabilize public order and micro-targeted disinformation” aimed at shaping public opinion and undermining authorities’ decision-making. He placed much of the activity on platforms such as TikTok and Telegram and said investigators traced coordinated behavior to four companies with links to the Russian Federation.
That disclosure came as prosecutors formally indicted former presidential candidate Călin Georgescu and 21 associates on charges that include complicity in actions against the constitutional order and spreading false information. Authorities say the defendants planned to exploit the chaos that followed the annulment of the November 2024 vote. Georgescu has denied wrongdoing.
Micro-Targeting was the Master Plan
Florența said the hybrid campaign began to scale in 2022 and intensified through 2024, using “micro-targeting” techniques to deliver personalized, emotionally charged messages to receptive audiences. He said investigators recorded more than 85,000 cyberattacks against electoral infrastructure during the period under review and mapped a sprawling ecosystem of fake accounts, bot networks and recruited influencers that amplified content across social networks.
The prosecutor described one striking example on TikTok where roughly 20,000 accounts came online a day before the first round of elections and fed an automated system that generated some two million comments, helping certain hashtags and narratives go viral. Officials say the activity dramatically increased the appearance of grassroots support for Georgescu.
Violent Protests Avoided
Investigators separately flagged the frequent use of artificially generated content. Florența said many posts bore the fingerprints of AI production. High volumes of repetitive content that nevertheless generated tension and “states of agitation” among targeted groups. He also pointed to a campaign that invoked the memory of Romania’s 1989 revolution, using the hashtag #revoluție to stoke anger and calls for upheaval. Prosecutor told the press that some narratives first surfaced from infrastructure tied to Russia and later spread through a supporting domestic network.
Investigations linked the disinformation push to both online agitation and offline violence. Authorities allege Georgescu coordinated with Horatiu Potra, a former French Foreign Legionnaire now accused of organizing a paramilitary group, to foment unrest in Bucharest after the annulled vote. Court papers and public statements say law enforcement disrupted plots to stage violent protests and intimidate state institutions.
New President Affirms the Findings
Government leaders echoed the prosecutor’s concern. President Nicușor Dan praised the investigation’s findings and urged the public and media to examine what he called “systematic disinformation actions” that affected social cohesion and election integrity. The presidency and national security officials framed the episode as a nationwide challenge as well as part of a broader pattern across the region.
The Romanian patterns is similar to those seen in Moldova, Georgia and elsewhere, where Russia-linked actors have used social platforms, covert funding and cyber operations to shape political outcomes. Analysts say the Romanian case shows how hybrid campaigns now blend machine-scale content generation, covert networks and kinetic schemes in the real world.
Read: UK, US and Canada Accuse Russia of Plot to Interfere With Elections in Moldova
A Problem of ‘National Security’
The prosecutor general supplied technical signals as part of their public briefing. They described networks of fake accounts that mimicked official profiles, pages exhibiting coordinated inauthentic behavior, and advertising funnels that pushed traffic to sites built to spread malicious or deceptive material. Investigators said some companies behind the effort used opaque corporate structures and offshore registrations—common tradecraft designed to frustrate attribution.
Legal fallout has begun. Prosecutors moved to try Georgescu and co-defendants on charges that carry heavy penalties if courts convict. Media reporting indicates the investigation has also opened inquiries into the financing and operational links behind the network; authorities say the full scope of the infrastructure “will probably never be known.”
Romania’s case raises immediate policy questions for democracies about how to counter hybrid threats that combine tech and tactics. Officials and independent analysts have argued for tighter controls on covert advertising, faster takedown processes for coordinated inauthentic behavior, greater platform transparency around algorithmic amplification, and investment in cyber defenses for election infrastructure. But political and technical solutions face tradeoffs and legal constraints that make rapid fixes difficult.
For now, prosecutors say their work will continue. Florența urged vigilance and asked citizens to treat online content with scepticism while investigators pursue the network’s remaining nodes. “Hybrid aggression remains a threat,” he warned, saying the actions had sought to erode trust in institutions and reshape Romania’s political trajectory.
President Dan called this “a matter of national security” and stressed that this is “a major challenge for the entire Euro-Atlantic community.”
“Romania will not tolerate foreign interference in its democratic processes. We will firmly defend sovereignty, the integrity of institutions and the trust of citizens,” he added.
