Lithuania became a victim of a series of DDoS cyberattacks as the Russian hackers targeted various government agency websites and private firms.
Yesterday, Lithuania’s deputy defense minister Margiris Abukevicius said that the main targets seem to be transport institutions, state institutions, and media websites, according to Reuters.
The responsibility for the cyberattack has been claimed by the Russian hacker group Killnet. They said the cyberattack was carried out in retaliation for Lithuania putting a stop to the transit of goods to the Russian exclave of Kaliningrad.
Kaliningrad is located between two NATO members: Lithuania and Poland, and has a railroad going through the Lithuanian territory. After Russia’s invasion of Ukraine, Lithuania has banned the transit of items recently, as per EU sanctions.
A Killnet spokesperson said:
“The attack will continue until Lithuania lifts the blockade. We have demolished 1,652 web resources. And that’s just so far.”
A DDoS attack shuts down available online services by overloading the main server, using a high amount of data from multiple sources.
The country’s communications network for government officials has been affected due to the DDoS attacks. According to Lithuania’s National Cyber Security Center, said a bunch of network users have been unable to access its services.
In a statement they said:
“It is very likely that attacks of similar or greater intensity will continue in the coming days, especially in the transportation, energy and financial sectors.”
Flashpoint, a threat intelligence firm, reported that it observed small attacks on Lithuania on June 22nd. On the same day when a Russian security council spokesperson vowed to retaliate against Lithuania for blocking their shipments to Kaliningrad, according to Reuters.
A Telegram post by Flashpoint said that Killnet used Lithuania as a “testing ground for our new skills”. Furthermore, the post said Killnet has “friends from Conti” who will come to their aid whenever there’s a need, hinting at a possible merger between the two.
Conti cyber group is responsible for a series of cyberattacks that targeted Costa Rica back in April because of which the country’s foreign trade was interrupted and suffered damages while handling its customs and taxes platforms.
Regarding the latest cyberattacks on Lithuania, CEO of cybersecurity firm SonicWall Bill Conner said that as of late threat actors have become more efficient in carrying out their cyberattacks. He said that such groups often leverage cloud tools in order to reduce costs at their end and expand their scope to target numerous attacking vectors.
He said:
“We are dealing with an escalating arms race. It’s a cyber arms race that will likely never slow, so we can never slow in our efforts to protect organizations. The good news is that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations. There’s better cooperation between the public and private sectors, and greater transparency in many areas.”
As per the joint advisory in March, the FBI and Infrastructure Security Agency warned certain organizations to be vigilant and strengthen their multi-factor authorization security. They also revealed further details about how the state-sponsored hackers in Russia gained access to an NGO’s network.
In a report issued by Microsoft last week, they detected Russian “network intrusion efforts” on over 128 organizations across 42 countries outside Ukraine. The report also said that Russian intelligence agencies have “stepped up network penetration and espionage activities” against Ukraine’s allies.
Russia continues to face opposition from all sides ever since its invasion of Ukraine earlier this year with the former retaliating through cyberattacks on others.
