Cyber warfare

Major coordinated disinformation campaign hit the Lithuanian Defense

A cyber attack hit the Lithuanian Defense Minister Raimundas Karoblis with the intent of discrediting him and the Lithuanian national defense system.

A major and orchestrated misinformation cyber attack hit the Lithuanian Defense Minister Raimundas Karoblis with the intent of discrediting him and the Lithuanian national defense system.

“The currently unfolding complex cyber-information attack has affected “Kas vyksta Kaune” news portal as a piece of disinformation misleadingly stating there is an investigation by law enforcement carried out.” reads the advisory published by the Ministry. “The fake news has also spread across social media. The National Cyber Security Centre urges the citizens to think critically and not to give in to manipulation.”

“A new cybernetic attack has hit Lithuanian Defense Minister Raimundas Karoblis, with the intention of discrediting not only the minister as a politician but also the entire Lithuanian national defense system and damaging public trust and support to the armed forces ”. states the Lithuanian Ministry of Defense.

The attack started on the night of April 10, threat actors launched a spear phishing campaign from an e-mail address that pretended to be sent from an employee of the Ministry of Defense.

The messages were spreading fake news on an alleged “case of corruption in the ministry,” they included links possibly leading to malicious addresses.

“On preliminary data, the letter sent to several e-mail addresses at the President’s Office, the Government, and the Seimas falsely informs about an audit carried out at the Ministry of National Defence and finding a possible case of corruption there.” continues the advisory. “The false content of the letter says Minister of National Defence Raimundas Karoblis took a bribe of USD 586 thousand in the process of weaponry procurement procedures and that one of the banks in Lithuania has documents proving it. “

The National Cyber ​​Security Center has confirmed it is a typical social engineering attack using spoofed email accounts, it also attributed the attack to a foreign government

The emails were sent to various addresses including “the presidency and the government”.

“This incident is just another piece of evidence that in the age of technology we are living in the conditions of cyber warfare. I have no doubt that the real aim of the attackers is to discredit not only me as a politician but also the entire National Defence System and to hurt the public trust and support to the Armed Forces,” Minister of National Defence Raimundas Karoblis, currently on a visit in Ukraine, says.

According to the Delfi website threat actors also targeted news portals and inserted fake news into regional media outlet “Kasvyksta Kaune” and found its way into “Baltic Times”, a Riga based English language news website. Experts pointed out that both of them have been targeted by the cyber attacks last year. The threat actors carried out several attacks with similar TTPs in the same period, the Delfi published a detailed analysis of the events.

“Furthermore, fake news was posted on „OpEdNews“, with an alleged author – Vytautas Benokraitis. In reality, he is CEO at DELFI Lithuania and never wrote material like this on OpEdNews – US-based progressive/liberal news, antiwar activism, and opinion website founded by Rob Kall in 2003.” reads a post published on the Delfi site. “The website has already been noted for spreading fake news in the past. It was the OpEdNews, that posted a story about the impending NATO invasion to Belarus last November. A poor translation into Lithuanian language has been inserted via cyber means into „Kas vyksta Kaune“ website”

It is not the first time the country is hit by such kind of attacks, a similar campaign was observed in January 2018 when one of Lithuania’s media outlets was hacked and e-mails containing malicious code were sent to Lithuania’s top leadership.

The National Cyber Security Centre is investigating the attack.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Lithuanian Defense, cyberattack)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

2 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

16 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

23 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.