Russian hackers claim responsibility for ongoing Lithuania cyberattacks

28 Jun 2022


The Russian Killnet group said the cyberattacks are a retaliation for Lithuania’s decision to cease the transit of some goods to Kaliningrad following EU sanctions.

Lithuania has been facing a series of distributed denial-of-service (DDoS) cyberattacks, with Russian hackers targeting the websites of government agencies and private firms.

The country’s deputy defence minister Margiris Abukevicius said yesterday (27 June) that the main targets appear to be state institutions, transport institutions and media websites, Reuters reported.

Russian hacker group Killnet has claimed responsibility for the DDoS attacks, saying the activity was retaliation for Lithuania’s ceasing the transit of some goods to the Russian exclave of Kaliningrad.

This region is wedged between NATO members Poland and Lithuania and supplied by rail through Lithuanian territory. Lithuania banned the transit of certain materials earlier this month, on the back of EU sanctions in response to Russia’s ongoing invasion of Ukraine.

“The attack will continue until Lithuania lifts the blockade,” a Killnet spokesperson told Reuters. “We have demolished 1,652 web resources. And that’s just so far.”

A DDoS attack is an attempt to make an online service unavailable by overwhelming it with high volumes of data from multiple sources.

Some of the DDoS attacks have targeted Lithuania’s communications network for government officials, and Lithuania’s National Cyber Security Centre said some network users have been unable to access its services.

“It is very likely that attacks of similar or greater intensity will continue in the coming days, especially in the transportation, energy and financial sectors,” the cybersecurity centre said in a statement to Reuters.

Threat intelligence firm Flashpoint said it observed smaller attacks on Lithuania on 22 June. That is the same day a Russian security council spokesperson promised retaliation over the blocked shipments to Kaliningrad, Reuters reported.

Flashpoint said a Telegram post by Killnet had labelled Lithuania as a “testing ground for our new skills”. This post also said that Killnet has “friends from Conti” that are eager to fight, hinting at a possible connection between the two groups.

The Conti ransomware group was behind the HSE ransomware incident last year that saw more than 80pc of the IT infrastructure of healthcare services across Ireland impacted, in what was said to be the most serious cyberattack ever to hit the State’s critical infrastructure.

This group was also responsible for a series of cyberattacks targeting Costa Rica that began in mid-April, impacting the country’s foreign trade by disrupting its customs and taxes platforms.

‘Escalating arms race’

Speaking about the latest cyberattacks on Lithuania, Bill Conner, CEO of cybersecurity firm SonicWall, said threat actors have gotten more efficient in their attacks. He added that these groups are leveraging cloud tools to reduce costs and expand their scope in targeting additional attack vectors.

“We are dealing with an escalating arms race,” Conner said. “It’s a cyber arms race that will likely never slow, so we can never slow in our efforts to protect organisations.

“The good news is that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organisations. There’s better cooperation between the public and private sectors, and greater transparency in many areas.”

In a joint advisory in March, the FBI and the Cybersecurity and Infrastructure Security Agency warned organisations to be on alert and bolster their multifactor authentication security after revealing details of how state-sponsored hackers in Russia were able to gain access to an unnamed NGO’s network.

The following month, cybersecurity authorities from nations in the Five Eyes intelligence alliance issued a warning about the threat of Russian state-sponsored cyberattacks on critical infrastructure systems.

Microsoft said in a report last week that it detected Russian “network intrusion efforts” on 128 organisations in 42 countries outside Ukraine. The report suggested that Russian intelligence agencies have “stepped up network penetration and espionage activities” against Ukraine’s allies.


Leigh Mc Gowran is a journalist with Silicon Republic
