Internet services in Lithuania were subjected to “intense” distributed denial-of-service attacks on Monday in recognition of pro-Russian threat actor group Killnet. Killnet said his attacks were in retaliation for Lithuania’s recent ban on supplies, sanctioned by the European Union, to the Russian exclave of Kaliningrad.
The Lithuanian government said the spate of malicious traffic disrupted parts of the secure national data transfer network, which it says is “one of the crucial components of Lithuania’s strategy for ensuring national security in cyberspace” and “designed to operate during crises or wars.” is”. to ensure the continuity of operations of critical institutions.” The country’s core center for state telecommunications identified the most affected websites in real time and provided them with DDoS mitigation measures while simultaneously working with international web service providers.
“It is very likely that such or even more intense attacks will continue in the coming days, especially against the communications, energy and financial sectors,” said Jonas Skardinskas, acting director of the Lithuanian National Cyber Security Center. said in an opinion. The statement warned of website defacements, ransomware and other destructive attacks in the coming days.
Leaves a lot to be desired
The attacks came as Killnet members visited forums on Telegram to brag about the attacks and condemn the Lithuanian government for blocking shipments of some goods to Kaliningrad, which is sandwiched between Lithuania and Poland and connected by a rail link with the Rest of Russia is connected to Lithuania.
“We continue to unequivocally warn the Lithuanian authorities that they should immediately withdraw their decision to ban the transit of Russian cargo from the Kaliningrad region to Russia,” a message specified. It claimed that websites from four airports in the Baltic country were down. “Thanks to our attacks, they are still only available from Lithuanian IP addresses and their speed leaves something to be desired, to say the least.”
Lithuanian government officials did not immediately respond to a request for comment.
Since the Russian invasion of Ukraine in February, there have been a multitude of hacks by groups allied to both sides. In January, for example, hacktivists in the pro-Russian country of Belarus said they had infected the country’s state railway system network with ransomware and would only release the decryption key if Belarusian President Alexander Lukashenko prematurely stopped supporting Russian troops invading Ukraine.
Hackers working for or with Russia, meanwhile, unleashed a wiper malware called AcidRain, which was used in a cyberattack that sabotaged thousands of satellite modems used by Viasat customers.
Killnet emerged at the beginning of the Russian invasion and has since published claims of DDoS attacks on Lithuanian websites. The targets included police departments, airports and governments, according to security firm Flashpoint. On Monday, Flashpoint researchers wrote:
On June 25, Flashpoint analysts observed chatter about a plan for a mass-coordinated attack to take place on June 27, which Killnet dubbed “doomsday.” Flashpoint analysts have great confidence that the attacks reported today are those previously planned by Killnet. According to our intelligence services, smaller attacks prior to June 27 were also observed, including one that took place on June 22. Flashpoint analysts are very confident that Killnet has made Lithuania its target due to the ongoing gossip about Lithuania on Killnet-connected Telegram channels over the past week after the Baltic government announced transit routes on June 18 to the Russian region of Kaliningrad.
Notably, in a June 26, 2022 post, Killnet referred to Lithuania as a “testing ground for our new skills” and additionally said that their “friends from Conti” would fight eagerly, likely pointing to a connection between Killnet and Conti, a ransomware collective , which also professed its allegiance to Russia at the beginning of the Russian invasion of Ukraine.
So far, little information is available about the DDoSes, such as the strength or source of the malicious traffic. DDoS attacks work by flooding websites or servers with more traffic than they can handle, causing them to buckle and become unresponsive.
This article was previously published on Source link