The Romanian national oil pipeline operator, Conpet, recently confirmed a major cyberattack. The notorious Qilin ransomware group has claimed responsibility, alleging they have stolen nearly 1TB of sensitive data, including financial records and internal documents.While the company and authorities investigate, Hudson Rock has identified the likely "Patient Zero." Our analysis reveals that the breach almost certainly originated from a single Infostealer infection on a computer belonging to a Conpet IT employee.