Russian Hacker Group Behind DDoS Attacks on Lithuania

Person in a dark hoodie working on a laptop and a desktop

Russian hacker group Killnet on Monday claimed responsibility for ongoing cyberattacks against Lithuania. The hackers are targeting the Lithuanian government and private entities, including the country’s Secure National Data Transfer Network, which is used by the President’s office and several important institutions.

The attacks are in response to Lithuania’s decision to block the transit of EU-sanctioned goods by rail to Kaliningrad. Lithuania’s Defense Ministry said the most severe DDoS (Distributed Denial of Service) attacks are now under control. However, the country is bracing for further attacks against entities in the communications, energy, and financial sectors.

Details of the DDoS Attacks Against Lithuania

On Monday, June 27, the Lithuanian Ministry of National Defense, along with the National Cyber Security Centre (NKSC), put out a statement warning the public about “intense” ongoing DDoS attacks. The Ministry said the Core Center of State Telecommunications is looking into the worst-hit websites in real-time and is dispatching additional protections.

Lithuania is working with international web service providers to search for solutions. Government websites are currently using a Cloudflare service to scan and check if visitors are part of the hackers orchestrating the DDoS attacks.

In a typical DDoS attack, a threat actor uses a botnet to request access to a website from a network of thousands of infected devices. This overwhelms the website’s servers, rendering the site temporarily unavailable.

“The main targets are state institutions, transport institutions, media websites,” Lithuania’s Deputy Defense Minister Margiris Abukevicius told Reuters.

Tensions Rise Over Kaliningrad Blockade

Killnet confirmed to Reuters that it was behind the DDoS attack. The group warned that its operations are not over yet.

“The attack will continue until Lithuania lifts the blockade,” a Killnet spokesperson told Reuters. “We have demolished 1,652 web resources. And that’s just so far.”

The blockade refers to Lithuania’s decision to halt the transit of sanctioned goods to Kaliningrad. Lithuania has defended its decision to do so, stating that it is simply implementing EU sanctions. Lithuania’s Foreign Minister Gabrielius Landsbergis said these measures were taken after consultations with the European Commission.

Unsurprisingly, Russia has not taken kindly to the measure and has threatened to take action against Lithuania.

“If in the near future cargo transit between the Kaliningrad region and the rest of the territory of the Russian Federation through Lithuania is not restored in full, then Russia reserves the right to take actions to protect its national interests,” the Russian Foreign Ministry said.

Lithuanian Anticipates Further Attacks

While confirming that it has resolved the most severe DDoS attacks, as well as those on the Secure Data Network, the NKSC said that there is a high likelihood of more attacks in the near future. As a result, it has urged IT and cybersecurity personnel in charge of government institutions, private companies, and media to take extra precautions.

“It is highly probable that such or even more intense attacks will continue into the coming days, especially against the communications, energy and financial sectors,” Jonas Skardinskas, acting NKSC director, said.

The NKSC has advised entities to take preventive measures to protect themselves from ransomware attacks, adding that there is also a high probability of defacement attacks against websites.

If this article piqued your interest, we recommend checking out our explainer on DDoS attacks.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.