
Pro-Russian threat group Killnet bombards Lithuania with DDoS attacks


    Internet services in Lithuania fell under “intense” distributed denial-of-service attacks on Monday as the pro-Russian threat group Killnet took credit. Killnet said the attacks were in retaliation for Lithuania’s recent ban on European Union-sanctioned shipments to the Russian exclave of Kaliningrad.

    The Lithuanian government said the flow of malicious traffic has disrupted parts of the Secure National Data Transfer Network, which it says is “one of the critical components of Lithuania’s strategy for ensuring national security in cyberspace” and “built to be operational during crises or war to ensure the continuity of the activities of critical institutions.” The country’s core state telecommunications center identified the sites most affected in real time and provided them with DDoS restrictions, while also collaborating with international web service providers.

    “It is very likely that such or even more intense attacks will continue in the coming days, especially against the communications, energy and financial sectors,” Jonas Skardinskas, acting director of the Lithuanian National Cyber Security Center, said in a statement. The statement warned of website defacements, ransomware and other destructive attacks in the coming days.

    Leaves a lot to be desired

    The attacks came as members of Killnet took to Telegram forums to brag about the attacks and condemn the Lithuanian government for blocking the shipment of some goods to Kaliningrad, which is sandwiched between Lithuania and Poland and connected to the rest of Russia by a rail link through Lithuania.

    “We continue to make it clear to the Lithuanian authorities that they must immediately withdraw their decision to ban the transit of Russian cargo from the Kaliningrad region to Russia,” the statement said. It claimed that websites of four airports in the Baltic country were crippled. “Thanks to our attacks, they are still only available from Lithuanian IP addresses, and their speed is poor to say the least.”

    Lithuanian government officials did not immediately respond to a request for comment.

    Since the lead-up to the Russian invasion of Ukraine in February, there have been a significant number of hacks from groups linked to both sides. In January, for example, hacktivists in the pro-Russian country of Belarus said they had infected the network of the state-run railway system with ransomware and would only provide the decryption key if Belarusian President Alexander Lukashenko stopped helping Russian troops awaiting a possible invasion of Ukraine. Hackers working for or loyal to Russia, meanwhile, have unleashed wiper malware called AcidRain, which was used in a cyberattack that sabotaged thousands of satellite modems used by Viasat customers.

    Judgement day

    Killnet emerged at the beginning of the Russian invasion and has been posting claims of DDoS attacks on Lithuanian websites ever since. According to security company Flashpoint, targets have included police forces, airports and governments. On Monday, Flashpoint researchers wrote:

    On June 25, Flashpoint analysts observed chatter about a plan for a massively coordinated attack to take place on June 27, which Killnet called “doomsday.” Flashpoint analysts are confident that the attacks reported today are the ones Killnet had previously planned. Minor attacks have also been observed before June 27, including one that occurred on June 22, according to our intelligence agency. Flashpoint analysts are confident that, based on ongoing chatter about Lithuania on Killnet-affiliated Telegram channels over the past week, Killnet targeted Lithuania after the Baltic government closed transit routes to Russia’s Kaliningrad region on June 18.

    Notably, in a June 26, 2022 post, Killnet called Lithuania a “testing ground for our newfound skills” and said their “friends from Conti” are eager to fight, likely pointing to a connection between Killnet and Conti, a ransomware collective that also expressed their allegiance to Russia at the start of the Russian invasion of Ukraine.

    So far, there is little information about the DDoSes, such as the strength or source of the malicious traffic. DDoSes work by flooding sites or servers with more traffic than they can handle, causing them to collapse and become unresponsive.