The attack seems to be a retaliatory effort from Killnet following the diplomatic tensions between the two countries.
Pro-Russia threat actors Killnet have targeted Lithuania government institutions and networks in a series of highly disruptive DDoS attacks (distributed denial of service attacks). The country’s National Cyber Security Center (NKSC) confirmed the attack impacted the Secure National Data Transfer Network and private and public sector firms.
This “intense” attack occurred on 27 June 2022 and prevented users from accessing services. Although the attack has been managed now, and most of the sites are back online, the possibility of another attack cannot be ignored.
“It is highly probable that such or even more intense attacks will continue into the coming days, especially against the communications, energy, and financial sectors.”
Jonas Skardinskas – Director NKSC
The Bone of Contention- Kaliningrad
The attack seems to be in reaction to the diplomatic row between Russia and Lithuania regarding the Russian exclave of Kaliningrad. For your information, it is situated on the Baltic Sea shores and was previously a part of Germany before WWII and then a part of the Soviet Union. Kaliningrad was later cut off from Russia after Lithuania became independent in 1990 as there were no ground routes.
After Russia’s invasion of Ukraine, Lithuania supported the EU ban on Russian exports after it was implemented across EU territories and blocked the transport of key materials like metals, coal, and construction materials to Kaliningrad, infuriating Kremlin.
The Russia-aligned hacktivist group Killnet claimed responsibility for the DDoS attack in a video and added that the group would again target the country until it lifted the blockage on Russian exports.
The group’s spokesperson told Reuters that Killnet demolished 1,652 web resources and plans to cause more damage soon. As seen by Hackread.com, Killnet is currently active on Telegram posting a list of Luthinian sites targeted by the group. In one of its statements in the Russian language, the group claimed the following:
In 39 hours, we achieved the isolation of 70% of the entire network infrastructure in Lithuania. I will explain on the fingers: Web integration of Lithuanian websites and electronic systems is in the “Blockade”, that is, “Geo block”, web traffic and other means of communication are available only within the republic. Thus, we are disrupting Lithuania’s network interaction with the rest of the world. At the moment, Lithuania is in sadder conditions than Kaliningrad. And we keep our promise! 😉
Impact of the Attack
Lithuania’s government stated that the DDoS attack flooded several institutions’ websites with malicious traffic. Some of the websites taken down by Killnet include Lithuania’s State Tax Inspectorate (STI) and the country’s leading accounting services provider B1.lt among others.
The attack disrupted the Secure National Data Transfer Network, which is among the most critical components of the country’s national security in the cyberworld, particularly during wartime. Lithuania’s Core Center of State Telecommunications is currently identifying the impacted sites to offer DDoS mitigation.
Killnet angered the hacktivists collective Anonymous after declaring allegiance to Russia after the latter invaded Ukraine and started a war. Since the allegiance, Killnet has been active on its Telegram channel ‘We Are Killnet.’
Flashpoint researchers observed chats between the group members in which they mentioned a large-scale, coordinated attack on June 27th 2022, which they referred to as Judgment Day.
The attackers selected Lithuania as its target for closing transit routes to Kaliningrad. The group has also targeted European institutions. Hackread.com previously reported that the group leaked private info of Killnet hacktivists in a data dump and took the group’s website Killnet.ru offline.