Major coordinated disinformation campaign hit the Lithuanian Defense

Pierluigi Paganini April 14, 2019

A cyber attack hit the Lithuanian Defense Minister Raimundas Karoblis with the intent of discrediting him and the Lithuanian national defense system.

A major and orchestrated misinformation cyber attack hit the Lithuanian Defense Minister Raimundas Karoblis with the intent of discrediting him and the Lithuanian national defense system.

“The currently unfolding complex cyber-information attack has affected “Kas vyksta Kaune” news portal as a piece of disinformation misleadingly stating there is an investigation by law enforcement carried out.” reads the advisory published by the Ministry. “The fake news has also spread across social media. The National Cyber Security Centre urges the citizens to think critically and not to give in to manipulation.”

“A new cybernetic attack has hit Lithuanian Defense Minister Raimundas Karoblis, with the intention of discrediting not only the minister as a politician but also the entire Lithuanian national defense system and damaging public trust and support to the armed forces ”. states the Lithuanian Ministry of Defense.

The attack started on the night of April 10, threat actors launched a spear phishing campaign from an e-mail address that pretended to be sent from an employee of the Ministry of Defense.

Lithuanian defense fake news

The messages were spreading fake news on an alleged “case of corruption in the ministry,” they included links possibly leading to malicious addresses.

“On preliminary data, the letter sent to several e-mail addresses at the President’s Office, the Government, and the Seimas falsely informs about an audit carried out at the Ministry of National Defence and finding a possible case of corruption there.” continues the advisory. “The false content of the letter says Minister of National Defence Raimundas Karoblis took a bribe of USD 586 thousand in the process of weaponry procurement procedures and that one of the banks in Lithuania has documents proving it. “

The National Cyber ​​Security Center has confirmed it is a typical social engineering attack using spoofed email accounts, it also attributed the attack to a foreign government

The emails were sent to various addresses including “the presidency and the government”.

“This incident is just another piece of evidence that in the age of technology we are living in the conditions of cyber warfare. I have no doubt that the real aim of the attackers is to discredit not only me as a politician but also the entire National Defence System and to hurt the public trust and support to the Armed Forces,” Minister of National Defence Raimundas Karoblis, currently on a visit in Ukraine, says.

According to the Delfi website threat actors also targeted news portals and inserted fake news into regional media outlet “Kasvyksta Kaune” and found its way into “Baltic Times”, a Riga based English language news website. Experts pointed out that both of them have been targeted by the cyber attacks last year. The threat actors carried out several attacks with similar TTPs in the same period, the Delfi published a detailed analysis of the events.

“Furthermore, fake news was posted on „OpEdNews“, with an alleged author – Vytautas Benokraitis. In reality, he is CEO at DELFI Lithuania and never wrote material like this on OpEdNews – US-based progressive/liberal news, antiwar activism, and opinion website founded by Rob Kall in 2003.” reads a post published on the Delfi site. “The website has already been noted for spreading fake news in the past. It was the OpEdNews, that posted a story about the impending NATO invasion to Belarus last November. A poor translation into Lithuanian language has been inserted via cyber means into „Kas vyksta Kaune“ website”

It is not the first time the country is hit by such kind of attacks, a similar campaign was observed in January 2018 when one of Lithuania’s media outlets was hacked and e-mails containing malicious code were sent to Lithuania’s top leadership.

The National Cyber Security Centre is investigating the attack.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Lithuanian Defense, cyberattack)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment