Government

Russian hacking group takes credit for wide-ranging cyberattack on Lithuania

A hacking group aligned with the Russian government took credit for a large cyberattack on several government institutions in Lithuania on Monday.

The country’s defense minister and National Cyber Security Centre released a statement saying the hackers had used distributed denial-of-service attacks to target the State Tax Inspectorate, Migration Department and a secure national data network among a host of other state entities. 

The agencies were forced to shut down operations for several hours before service returned. The attack comes days after Lithuanian officials refused to allow steel, coal and other metals to be transported through the country to Kaliningrad due to European Union sanctions.

Russian officials openly threatened Lithuania after the transit ban took effect on Saturday. Kaliningrad is Russian territory sandwiched between Poland and Lithuania along the Baltic Coast, forcing it to rely on rail lines that pass through Lithuania.

The Russian hacking group KillNet announced the attack on its Telegram channel, initially targeting an online accounting system used by Lithuania and Latvia. The group then said it was going to target the network infrastructure of Lithuania.

“At the moment, we have disrupted the work of the entire online accounting department in Lithuania,” the group wrote

“We are certainly surprised that Lithuania uses an ‘online system’ for accounting. Amazon servers are not able to save the situation.”

KillNet hackers then attacked the networks of airports in Lithuania, briefly taking down the systems at Vilnius Airport, Kaunas Airport and Palanga Airport.

“We continue to hint unequivocally to the Lithuanian authorities that they should immediately withdraw their decision to ban the transit of Russian cargo from the Kaliningrad region to Russia,” the group said. 

The group boasted of further attacks on several telecommunications companies in Lithuania, the Central State Archive, the Supreme Administrative Court and the platform used for electronic declarations, filing and viewing tax returns. 

Global internet access monitor NetBlocks confirmed that several government networks were disrupted alongside public and private internet infrastructure. 

“It is very likely that attacks of similar or greater intensity will continue in the coming days, especially in the transportation, energy and financial sectors,” Lithuania’s National Cyber Security Centre said in a statement to Reuters

Killnet has attacked several countries that have come out in support of Ukraine after Russia invaded the country earlier this year.

In April, the group launched distributed denial-of-service attacks against several websites connected to government agencies and a bank in Romania.

Two weeks later, Killnet used a similar method to attack the websites of Italy’s parliament, military and National Health Institute. 

Microsoft vice president Tom Burt said in April that the company’s experts believe cyberattacks will continue to escalate and widen as the war between Russia and Ukraine continues. 

“We’ve observed Russian-aligned actors active in Ukraine show interest in or conduct operations against organizations in the Baltics and Turkey – all NATO member states actively providing political, humanitarian or military support to Ukraine,” Burt said.

Jonathan Greig

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

Recent Posts

Facebook testing end-to-end encryption as a default on Messenger

Facebook has long been criticized for not using end-to-end encryption as a default option for…

16 hours ago

CISA orders civilian agencies to patch Zimbra bug after mass exploitation

The Cybersecurity and Infrastructure Security Agency added two vulnerabilities found in products from digital collaboration…

18 hours ago

AT&T denies connection to database of 23 million SSNs, says it may be tied to credit agency breach

Telecommunications giant AT&T denied any connection to a database of stolen information that included the…

20 hours ago

U.S. shares photo of alleged Conti suspect, offers $10 million for intel

The U.S. State Department on Thursday said that it was offering a $10 million reward…

20 hours ago

Suspected Tornado Cash developer arrested in Netherlands

Financial crime authorities in the Netherlands announced Friday that they had arrested a 29-year-old man…

1 day ago

NHS working with U.K. cyber authorities to assess ransomware attack on IT vendor

The United Kingdom’s National Health Service said it is working with the country’s National Cyber…

2 days ago