Russian Killnet Hackers claim responsibility for Lithuania cyberattacks
The country's deputy defence minister Margiris Abukevicius said yesterday (27 June) that the main targets appear to be state institutions, transport institutions and media websites, Reuters reported.
The Russian hacker group Killnet has claimed responsibility for the (DDoS) cyberattacks, saying it was a retaliation for Lithuania's ceasing the transit of some goods to the Russian exclave of Kaliningrad.
This region is wedged between NATO members Poland and Lithuania and supplied by rail through Lithuanian territory.
Lithuania banned the transit of certain materials earlier this month, due to EU sanctions in response to Russia's ongoing invasion of Ukraine.
“The attack will continue until Lithuania lifts the blockade,” a Killnet spokesperson told Reuters. “We have demolished 1,652 web resources. And that's just so far.”
A DDoS attack is an attempt to make an online service unavailable by overwhelming it with high volumes of data from multiple sources.
Some of the DDoS attacks have targeted Lithuania's Secure Data Transfer Network, a communications network for government officials. Lithuania's National Cyber Security Centre said some network users have been unable to access its services, CNN reported.
“It is very likely that attacks of similar or greater intensity will continue in the coming days, especially in the transportation, energy and financial sectors,” the cyber security centre said in a statement to Reuters.
Threat intelligence firm Flashpoint said it observed smaller attacks on Lithuania that took place on 22 June. This is the same day that a Russian Security Council spokesperson promised retaliation over the blocked shipments to Kaliningrad, Reuters reported.
Flashpoint said a Telegram post by Killnet had labeled Lithuania as a “testing ground for our new skills”. This post also said that Killnet has “friends from Conti” that are eager to fight, hinting at a possible connection between the two groups.
The Conti ransomware group was behind the HSE ransomware incident last year that saw more than 80pc of the IT infrastructure of healthcare services across Ireland impacted, in what was said to be the most serious cyberattack ever to hit the State's critical infrastructure.
This group was also responsible for a series of cyberattacks against Costa Rica that began in mid-April, which impacted the country's foreign trade by disrupting its customs and taxes platforms. The country declared a state of national emergency on 8 May as a result.
‘Escalating arms race'
Speaking on the latest cyberattack, CEO of cybersecurity firm Sonicwall Bill Conner said threat actors have gotten more efficient in their attacks. He added that these groups are leveraging cloud tools to reduce costs and expand their scope in targeting additional attack vectors.
“We are dealing with an escalating arms race,” Conner said. “It's a cyber-arms race that will likely never slow, so we can never slow in our efforts to protect organisations.
“The good news is that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organisations. There's better cooperation between the public and private sectors, and greater transparency in many areas,” Conner said.
In a joint advisory in March, the FBI and the Cybersecurity and Infrastructure Security Agency warned organisations to be on alert and bolster their multifactor authentication security after revealing details of how state-sponsored hackers in Russia were able to gain access to an unnamed NGO's network.
The following month, cybersecurity authorities from nations in the Five Eyes intelligence alliance issued a warning about the threat of Russian state-sponsored cyberattacks on critical infrastructure systems.
Earlier this month, the Irish Government joined Microsoft's Government Security Program in a bid to protect the nation's critical infrastructure against cyberattacks.
Microsoft said in a recent report that it detected Russian “network intrusion efforts” on 128 organisations in 42 countries outside Ukraine. The report suggested that Russian intelligence agencies have “stepped up network penetration and espionage activities” against Ukraine's allies.