The government of Lithuania confirmed it had been hit by an intense cyberattack

Lithuania confirmed it had been hit by an “intense” cyberattack, after Vilnius imposed restrictions on the rail transit of certain goods to Kaliningrad.

The government of Lithuania announced on Monday that it had been hit by an “intense” cyberattack, likely launched from Moscow, days after the Russian government protested restrictions Vilnius imposed on the rail transit of certain goods to Kaliningrad.

Analysts believe the massive attack could be retaliation against Vilnius, which applied the sanctions decided by the European Union.

The Lithuanian Ministry of Defense announced that Lithuanian state institutions and companies are under a massive DDoS attack. The authorities believe that the attacks will continue in the coming days, and will be aimed at organizations in the transport, energy and financial sectors.

Prime Minister Ingrida Simonyte declared that such kind of attacks had become frequent since Russia’s invasion of Ukraine.

Last week, Security Affairs first reported that Lithuania was under cyber-attack after the ban on Russian railway goods. Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian railway goods has caused a new spike of hacktivist activity on the Dark Web. Last week the group has announced multiple targets for coordinated DDoS attacks – the resources to be attacked are distributed between so-called “units” who are based on members and volunteers who joined previous and current campaigns.

The escalation was caused by Vilnius’s refusal to allow steel and iron ore to cross the Russian exclave of Kaliningrad. According to the BBC and other news agencies – prior to this activity Russia warned Lithuania of the consequences of rail transit blockades but didn’t specify how exactly they will be conducted.

According to experts from Los Angeles-based cybersecurity company Resecurity who are currently protecting Fortune 500 companies – the observed activity is expected considering war conflicts and follows today’s geopolitical agenda. Multiple sources interviewed by Security Affairs agreed that Cyber Spetsnaz began gaining more traction and involved multiple credible actors with DDoS capabilities.

The group is leveraging relatively cost-effective means and methods of DDoS, by doing so they generate significant DDoS power by attacking compromised WEB-resources, WEB-sites, IoT devices and botnet networks belonging to other independent actors who agreed to join the campaign. The real impact of such a campaign may be different from what has been claimed in practice – the main goal is to generate short-term outages or temporarily unavailability of the resource to generate certain media narratives.

Current targets for attack include:

• logistics companies (Adrem, Talga)
• transport infrastructure (Transimeksa, Kelprojektas)
• major financial institutions of Lithuania (Central Bank, Stock Exchange, Swedbank, SEB, etc.)
• ISPs (Tele2, Telia, Penki, Mezon, Cgates, Fastlink)
• airports (Vilnius Airport, Kaunas Airport, Palanga Airport, Siauliai Airport)
• energy companies (Ignitis Grupe, Ministry of Energy, Aedilis)
• major media outlets (Delfi, Nedelia, ZW)
• government WEB-resources (President, Ministry of Foreign Affairs, Ministry of Justice, Police)

June 20th one of the units of Cyber Spetnaz called “Zarya” has announced the attack against www.mna.gov.lv which was one of the 1st targets of the new campaign.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Lithuania)

[adrotate banner=”5″]

[adrotate banner=”13″]