Lithuanian Government Issues DDoS Attack AlertsRussian Hacktivist Group Posts List of Targeted Sites on Telegram
Lithuania's National Cyber Security Center has warned of increasing distributed denial-of-service attacks directed against the nation's public authorities and its transport and financial sectors, which could lead to temporary service disruptions. A Telegram post attributes the DDoS attacks to a group called Cyber Spetsnaz, saying they are possibly retaliation for Lithuania's alleged blocking of vital supplies by road and rail from the Russian enclave of Kaliningrad. On Monday June 28, Reuters reported that the Russian Killnet group claimed responsibility for a DDoS attack on Lithuania.
The New York Times reported that Russia claimed the EU was blocking train and trucking routes that bring supplies via the Lithuanian town of Kybartai to Kaliningrad.
On Wednesday, a Russian group of hacktivists called "Legion - Cyber Spetsnaz RF" posted a list of entities on a Telegram channel declaring war against Lithuanian organizations. These websites could be targeted in the DDoS attacks that the NCSC warns about.
The NCSC posted a public notice on its website on Thursday. The notice says, "The NCSC records an increase in Distributed Denial of Service (DDoS) attacks. Most of the attacks are directed against public authorities, the transport and financial sectors, leading to temporary service disruptions."
In its notice, the NCSC urges those who manage critical information infrastructure and state information resources to take "additional security measures" and to follow the NCSC recommendations for protection against service disruption attacks.
The government agency also provides a link to a PDF containing extensive guidance for defending against DDoS attacks with threat mitigation strategies.
Lithuania's NCSC also encourages organizations to report any DDoS attacks they may experience to NCSC Cyber Incident Management Division CERT-LT via email or by phone at 1843.
"More intense attacks" are coming, especially against communications, energy and financial sectors, says Jonas Skardinskas, acting director and head of cyber security management department at the Lithuanian National Cybersecurity Center.
Information Security Media Group has requested further details from Lithuania's NCSC.
Killnet Group Responsible
Reuters reported that Russian hacker group Killnet claimed responsibility on Monday for a DDoS cyberattack on Lithuania. It said this was in response to Vilnius's decision to block the transit of goods sanctioned by the European Union to the Russian exclave of Kaliningrad.
"The attack will continue until Lithuania lifts the blockade," a spokesperson for the Killnet group told Reuters. "We have demolished 1652 web resources. And that's just so far."
The recent DDoS attacks against the websites of Lithuanian state institutions by Killnet "is an example of geopolitically motivated hacktivism causing disruption for the general public," says Toby Leiws, head of threat analysis at Darktrace.
He says Killnet is infamous for its hacktivism and "believed to be aligned with the Russian-state." The group has launched previous attacks against countries supporting Ukraine, including Germany, the U.K. and Italy. "This latest slew of attacks comes as no surprise to those who have been following their activity closely," Lewis says.
Killnet’s attack methods are not particularly sophisticated and are easy to mitigate from a technical perspective, but they know these noisy attacks will hit the headlines and spark controversy.
As Lithuania is an EU and NATO member state, the potential implications under the EU Mutual Defence Clause or NATO Article 5 mean "it will be significant to determine whether Killnet were explicitly directed by the Russian state in this instance or whether they are simply sympathetic to the nationalist agenda," Lewis says.
(This story was updated on June 28 to include attribution to the Russian Killnet group. It was also updated on June 30 to include comments from Jonas Skardinskas, acting director of the Lithuanian National Cybersecurity Center and Toby Lewis, head of threat analysis at Darktrace.)