Pierluigi Paganini June 22, 2022

Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods

Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian railway goods has caused a new spike of hacktivist activity on the Dark Web. Today the group has announced multiple targets for coordinated DDoS attacks – the resources to be attacked are distributed between so-called “units” who are based on members and volunteers who joined previous and current campaigns.

The escalation was caused by Vilnius’s refusal to allow steel and iron ore to cross the Russian exclave of Kaliningrad. According to the BBC and other news agencies – prior to this activity Russia warned Lithuania of the consequences of rail transit blockades but didn’t specify how exactly they will be conducted.

According to experts from Los Angeles-based cybersecurity company Resecurity who are currently protecting Fortune 500 companies – the observed activity is expected considering war conflicts and follows today’s geopolitical agenda. Multiple sources interviewed by Security Affairs agreed that Cyber Spetsnaz began gaining more traction and involved multiple credible actors with DDoS capabilities.

The group is leveraging relatively cost-effective means and methods of DDoS, by doing so they generate significant DDoS power by attacking compromised WEB-resources, WEB-sites, IoT devices and botnet networks belonging to other independent actors who agreed to join the campaign. The real impact of such a campaign may be different from what has been claimed in practice – the main goal is to generate short-term outages or temporarily unavailability of the resource to generate certain media narratives.

Several cybersecurity experts from Lithuania have been interviewed independently – they’re aware of this group and are ready to protect national resources.

Notably, the list of targets represents a comprehensive list of critical infrastructure resources in Lithuania.

Current targets for attack include:

• logistics companies (Adrem, Talga)
• transport infrastructure (Transimeksa, Kelprojektas)
• major financial institutions of Lithuania (Central Bank, Stock Exchange, Swedbank, SEB, etc.)
• ISPs (Tele2, Telia, Penki, Mezon, Cgates, Fastlink)
• airports (Vilnius Airport, Kaunas Airport, Palanga Airport, Siauliai Airport)
• energy companies (Ignitis Grupe, Ministry of Energy, Aedilis)
• major media outlets (Delfi, Nedelia, ZW)
• government WEB-resources (President, Ministry of Foreign Affairs, Ministry of Justice, Police)

June 20th one of the units of Cyber Spetnaz called “Zarya” has announced the attack against www.mna.gov.lv which was one of the 1st targets of the new campaign.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Lithuania)

[adrotate banner=”5″]

[adrotate banner=”13″]