Lithuania government PCs infected by a Russian spyware

Lithuania said found Russian spyware on its government computers, the government blames Moscow for cyber espionage campaigns.

Lithuania blames Russia for cyber attacks that have hit government networks over the last two years. According to the Reuters, the head of cyber security Rimtautas Cerniauskas confirmed the discovery of at least three Russian spyware on government computers since 2015.

Lithuanian officials targeted by the alleged Russian spyware held mid-to-low ranking positions at the government, anyway Cerniauskas confirmed their PCs contained government sensitive documents.

“The head of cyber security told Reuters three cases of Russian spyware on its government computers had been discovered since 2015, and there had been 20 attempts to infect them this year.” states the article published by the Reuters.

“The spyware we found was operating for at least half a year before it was detected – similar to how it was in the USA,” said Rimtautas Cerniauskas.

The Government of Moscow denies the involvement in the attacks, spokesman Dmitry Peskov told Reuters the accusations were “laughable” and unsubstantiated. Russian authorities explained that also their networks are targeted by hackers, but Moscow has never accused other governments.

“Did it (the spyware) have ‘Made in Russia’ written on it?” quipped Peskov. “We absolutely refute this nonsense.”

Almost any government fears Russian nation-state actors, the cyber attacks against US Presidential Election and the string of incidents occurred in Ukraine raised the fears of Russian cyber attacks.

According to the German Intelligence, the APT 28 group, also known as Fancy Bear, is ramping up information warfare against Germany and the rest of West to destabilize foreign Governments.

“Lithuania, Estonia and Latvia, all ruled by Moscow in communist times, have been alarmed by Russia’s annexation of Ukraine’s Crimea peninsula in 2014 and its support for pro-Russian separatists in eastern Ukraine.” continues the Reuters.

According to the Lithuanian intelligence services, the cyber attacks were politically motivated and threat actors conducted cyber espionage activities on state institutions.

The Russian spyware was used by hackers to exfiltrate documents, as well as collect login credentials from popular web services such as Gmail and Facebook. Syphoned data were sent to an IP address linked to cyber espionage campaigns conducted by Russian cyber spies.

“This only confirms that attempts are made to infiltrate our political sphere,” said Cerniaukas.

“Russians are really quite good in this area. They have been using information warfare since the old times. Cyberspace is part of that, only more frowned upon by law than simple propaganda”, he added.

“They have capacity, they have the attitude, they are interested, and they will get to it – so we need to prepare for it and we need to apply countermeasures.”

This isn’t the first time that Russian hackers target Lithuanian systems, According to the head of the Lithuanian counter-intelligence agency Darius Jauniskis, in 2012 Moscow launched coordinated attacks against the Lithuanian central bank and top online news website.

“It is all part of psychological warfare,” explained Darius.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Lithuania, Russia)

[adrotate banner=”5″]

[adrotate banner=”12″]