Belgium (Brussels Morning Newspaper) A Russian cybercrime hacking group engaged in a massive, ongoing cyber attack on Lithuanian online services and infrastructure, targeting Lithuanian government sites, transport institutions and media websites.
The data on the attacks was collected by the Lithuanian National Cyber Security Centre (NKSC), with the Defence Ministry relaying the news of the attack in an official statement released on Monday.
“It is very likely that attacks of similar or greater intensity will continue in the coming days, especially in the transportation, energy and financial sector,” the Ministry release read. “Part of the Secure National Data Transfer Network users have been unable to access services, work is in progress to restore it to normal”. The Secure National Data Transfer Network is a communications network for government officials designed to withstand war and other crisis situations.
According to Lithuania’s Prime Minister Ingrida Simonyte, such cyber attacks have become commonplace since Russia’s invasion of Ukraine. Their frequency and intensity appears to have increased further as Lithuania blocked the transfer of certain goods by rail to the Russian enclave of Kaliningrad.
Claiming it was merely following the EU sanctions imposed on Moscow, Vilnius introduced a ban on goods subject to EU sanctions passing through Lithuanian territory to Kaliningrad. The list of banned items includes coal, metals and metal products, construction materials and a wide range of advanced technology products, including IT products.
Following the Lithuanian blockade, Moscow pledged to retaliate against Vilnius, without specifying in what way. “Russia will certainly respond to such hostile actions,” said senior security official Nikolai Patrushev last week.
Portal Security Affairs first reported that Lithuania was under a cyber attack following the announcement of the blockade, with Russian hacktivist group Cyber Spetsnaz targeting Lithuanian government resources and critical infrastructure. This attack targeted logistics companies, transport infrastructure, major financial institutions, internet service providers, Lithuania’s international airports, energy companies, major media outlets and government’s online resources, similar to the latest attack.
The most recent attack is reportedly being performed by the “Killnet” cyber crime group, not officially affiliated with Russian military or intelligence agencies. The group, which is usually profit-motivated in its activities, has previously released a video pledging its support to Russia following the start of the country’s invasion of Ukraine. Prior to its attack on Lithuanian cyber space, the group claimed credit for a distributed denial of service (DDoS) attack against Bradley International Airport in March this year, in response to the US sending arms shipments to Ukraine.
The DDoS attacks are low-sophistication cyber assaults, usually unable to create lasting damage. Despite the attackers’ stated goals, the main goal of such attacks is primarily to create short-term outages or lead to a temporary unavailability of services visible to the public, in order to generate desired media narratives.
Lithuania, a NATO member, is protected by Article 5 of the alliance’s treaty, meaning all other members would come to its aid in case of a conventional attack. Hacking attacks, on the other hand, have to pass a certain threshold before they would be considered serious enough to warrant a conventional response.
According to NATO’s legal experts, the threshold would be the same as in the case of conventional attacks – real-world damage and destruction caused by the attack, though ultimately the decision to retaliate would have to be political, and would hinge on the credibility of attribution. A long-standing problem with cyber attacks is that they have to be attributed politically, as forensic attribution cannot prove beyond reasonable doubt that an attack by a declaratively independent group was, in actuality, state-sponsored.
