Posted on July 2, 2022 at 5:23 PM

DDoS Attacks On Lithuania Linked To Russian Killnet Group

A non-governmental hacking group in Russia has claimed responsibility for the wave of distributed denial of service (DDoS) attacks that have hit Lithuania. According to the threat group, the series of attacks are in response to the blockage of train routes that pass through the Kaliningrad border.

The Russian threat group, who call themselves “Killnet” first declared their intention to launch a series of attacks in April when they declared their support for Russia. The group made their intentions to attack critical infrastructures in other countries known. This is not the first time the group has launched attacks, as it was previously linked to a previous DDoS campaign on the Eurovision Song Contest in June.

The group wanted to disrupt the contest but was thwarted by Italian law enforcement agencies. Russia was ousted from the competition following the country’s invasion of Ukraine, which eventually won the contest. The threat group has also claimed responsibility for the attack on other governmental agencies in other countries.

Killnet Says Attacks Will Continue Until Bloccckage Is Removed

The closure of the Lithuanian rail deliveries to Kaliningrad, a province that sits between Lithuania and Poland, did not go down well with the Killnet hackers. The decision was taken by the Lithuanian government as a result of the sanctions imposed on Russia. It affected the province directly since the transported items through that route make up 50% of all imports to the region.

The Lithuanian government recently confirmed that some websites were hit by a series of DDoS attacks. As a result of the attack, its tax authority had to shut down temporarily. Media websites, state, and transport institutions were the obvious targets while coming private businesses were affected as well.

A spokesperson for the Killnet hackers stated that the group will continue launching the DDoS attacks on critical facilities and websites until the government unblocks the route. The spokesperson claimed that the threat group had identified 1,652 web resources it will be targeting. The DDoS attack started on June 21, but the largest wave of attacks was recorded on June 27 when some Lithuanian government websites were affected. Killnet referred to the attack as “judgment day.”

As a measure against further attack, Lithuania’s National Cyber Security Center has warned citizens that the threat actors may continue their attacks on organizations and private institutions, with a specific focus on the financial, energy, and transportation sectors.

The Russian Security Council has not responded directly to the attack. However, they warned earlier that the blockage will result in a “serious negative impact” on Lithuania.

Killnet Could Partner With Other Notorious Hacking Groups

Although the Killnet group does not have any link with Russia’s government at the moment, the group calls itself a hacktivist collective that acts out of patriotism. In April, the group was put on the radar by the Five Eyes intelligent agencies, which issue warnings about several hacking syndicates in Russia.

At the time, various hacking groups in the country were declaring their support for the Russian Federation in its fight against Ukraine. While the physical war is ongoing, it appears that the cyber war is also being fought by hacktivists, with some supporting Russia while others are using their skills to support Ukraine.

But the Killnet group recently declared its intention to partner with other hacking groups in Russia, such as the notorious Conti ransomware gang.

The Russian hackers posted on June 26 that they will be working with “friends” from the Conti ransomware gang. The popular hacking group is one of the major ransomware as a service groups. They have been linked to a series of threat actions and attacks since 2019 when they were discovered.

Russia Uses Killnet As A Proxy

In February, an internal document from Conti was leaked, which showed that the main members of the group are throwing their weight behind the Russian government. They have carried out several independent attacks. Other ransomware gangs that have come out openly to declare their support to Russia have been sanctioned by the Western governments.

Although Russia has kept denying its involvement with all the ransomware gangs linked to the country, evidence from several attacks showed that they were carried out by Russian-linked threat actors. Killnet could be one of the proxies the Russian government uses to deny responsibility while launching a series of attacks on other countries, especially NATO members. The threat group has reportedly targeted Lithuania, Italy, the Czech Republic, Moldova, and Romania.