Moldova’s 2025 parliamentary elections were targeted by a coordinated hybrid campaign linked to Kremlin-aligned networks. This campaign combined cyber operations, Foreign Information Manipulation and Interference (FIMI), staged evidence of electoral fraud and attempts to mobilize street protests in order to undermine confidence in the election outcome.
Cyberattacks were a key enabling element of this strategy. In the weeks before the vote, thousands of home internet routers in Moldova were compromised and prepared for use in a large-scale distributed denial of service (DDoS) attack. On election day, attackers launched sustained attacks against infrastructure operated by the Central Election Commission (CEC) and the Information Technology and Cyber Security Service (STISC). The goal was not to alter vote totals directly – Moldova uses paper ballots and hand counting – but to disrupt digital systems used for voter verification and the real-time reporting of election results.
Had these systems failed, the resulting delays and technical disruptions could have been used to fuel disinformation narratives alleging electoral fraud and to support planned political protests contesting the legitimacy of the vote.
In practice, these efforts largely failed. Moldovan authorities and their partners were able to maintain the operation of critical election infrastructure, limiting the effectiveness of the broader hybrid campaign. Moldova’s experience demonstrates how cyber operations can serve as enabling tools within integrated political interference efforts – and how institutional preparation and coordinated defense can significantly reduce their impact.