Russian hacking group takes credit for wide-ranging cyberattack on Lithuania
A hacking group aligned with the Russian government took credit for a large cyberattack on several government institutions in Lithuania on Monday.
The country’s defense minister and National Cyber Security Centre released a statement saying the hackers had used distributed denial-of-service attacks to target the State Tax Inspectorate, Migration Department and a secure national data network among a host of other state entities.
The agencies were forced to shut down operations for several hours before service returned. The attack comes days after Lithuanian officials refused to allow steel, coal and other metals to be transported through the country to Kaliningrad due to European Union sanctions.
Russian officials openly threatened Lithuania after the transit ban took effect on Saturday. Kaliningrad is Russian territory sandwiched between Poland and Lithuania along the Baltic Coast, forcing it to rely on rail lines that pass through Lithuania.
The Russian hacking group KillNet announced the attack on its Telegram channel, initially targeting an online accounting system used by Lithuania and Latvia. The group then said it was going to target the network infrastructure of Lithuania.
“At the moment, we have disrupted the work of the entire online accounting department in Lithuania,” the group wrote.
“We are certainly surprised that Lithuania uses an ‘online system’ for accounting. Amazon servers are not able to save the situation.”
KillNet hackers then attacked the networks of airports in Lithuania, briefly taking down the systems at Vilnius Airport, Kaunas Airport and Palanga Airport.
“We continue to hint unequivocally to the Lithuanian authorities that they should immediately withdraw their decision to ban the transit of Russian cargo from the Kaliningrad region to Russia,” the group said.
The group boasted of further attacks on several telecommunications companies in Lithuania, the Central State Archive, the Supreme Administrative Court and the platform used for electronic declarations, filing and viewing tax returns.
Global internet access monitor NetBlocks confirmed that several government networks were disrupted alongside public and private internet infrastructure.
⚠️ Confirmed: Metrics show a disruption to government networks in #Lithuania as the National Cyber Security Centre reports a denial-of-service cyberattack affecting secure networks used by state institutions, also affecting public and private internet infrastructure pic.twitter.com/dgsDrJDyxq— NetBlocks (@netblocks) June 27, 2022
"It is very likely that attacks of similar or greater intensity will continue in the coming days, especially in the transportation, energy and financial sectors," Lithuania's National Cyber Security Centre said in a statement to Reuters.
Killnet has attacked several countries that have come out in support of Ukraine after Russia invaded the country earlier this year.
In April, the group launched distributed denial-of-service attacks against several websites connected to government agencies and a bank in Romania.
Two weeks later, Killnet used a similar method to attack the websites of Italy’s parliament, military and National Health Institute.
Microsoft vice president Tom Burt said in April that the company’s experts believe cyberattacks will continue to escalate and widen as the war between Russia and Ukraine continues.
“We’ve observed Russian-aligned actors active in Ukraine show interest in or conduct operations against organizations in the Baltics and Turkey – all NATO member states actively providing political, humanitarian or military support to Ukraine,” Burt said.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.