Posted on June 29, 2022 at 8:01 PM
The recent attack on the Lithuanian government and other entities was allegedly perpetrated by Russia-linked cyber threat actor Killnet, who claimed responsibility. According to the group, the attack was in response to the closure of transit routes within the Russian enclave of Kaliningrad. After admitting it was responsible for the attack, the threat group warned that more attacks are coming if the issue is not resolved.
The Lithuanian National Cyber Security Center (NKSC), on Monday, warned that there is an ongoing intense DDoS attack on the Secure National Data Transfer Network. Other governmental institutions and private networks are also impacted by the threat actors.
More Attacks Expected
The government expects that the attack will be ongoing and other infrastructures in the country could be targeted as well. The recent attack disrupted access to services of users of the data network, according to the NKSC.
Acting director of NKSC, Jonas Skardinskas, stated that it is highly likely that the threat actors may strike again with an even stronger force than before. He stated that more intense attacks could be witnessed in the coming days, especially against the financial and energy sectors. Skardinskas is also the head of the cyber security management department at NKSC.
The Killnet group launched that attack as a response to the announcement made by the Lithuanian government n June 18 that the routes between the Russian enclave of Kaliningrad and the Baltic country will be closed. This means it will affect the transport of steel and other metals from Russia to the country.
The Russian government stated that the train routes are very important for bringing in about 50% of the enclave’s imports. This prompted the government to call the move a blockage, warning of serious consequences.
But Lithuania has stood its ground, justifying the closure as a requirement for fulfilling the obligations of the European Union (EU) sanctions against Russia for its invasion of Ukraine earlier this year.
Killnet Threaten More Attacks
The threat group responsible for that attack has warned that the attack will continue unless the Lithuanian government opens the Kaliningrad route.
A spokesperson of the group stated that there are plans in place to keep attacking the region until the government decides to remove the blockage. The spokesperson stated that the group has already “demolished 1652 web resources” with more serious attacks coming in the next few days.
The Lithuanian government had already received prior warnings before the attack, but it seems the government is determined to maintain its ground. Russian threat actors have generally used DDoS attacks as their primary weapon of choice to send warnings to their rivals.
They have been using this method even before the war in Ukraine, although it intensified after the invasion. The Killnet group has also become very popular as a threat actor that utilizes DDoS attacks on its targets. This year, alone, the group has targeted Italy, the Czech Republic, Moldova, and Romania with cyber-attacks.
Flashpoint analysts wrote on June 25 that there was a plan for a mass coordinated attack on June 27, termed “Judgment Day” by Killnet. The researchers stated that the attack on Monday was likely a reference to the warning from the threat group.
The researchers also stated that there were small attacks before the major DDoS attack on Monday. They noted that a smaller attack occurred on June 22, which seems to support the claims of the hackers that the attack is retaliation.
A Testing Ground For New Tools?
While the Killnet group has blamed the attack on Lithuania’s refusal to open the routes, researchers believe it could also be a way of testing their new tools. The report also stated that the group could be preparing to collaborate with other notorious threat groups like the Conti ransomware gang.
This is also coming from Killnet, when it posted on June 26 that Lithuania is a testing group for its new skills. The post added that “friends from Conti” are eager to fight.
The partnership could be seriously brewing, considering that both Killnet and Conti have previously expressed their support and solidarity for Russia in the ongoing Russia-Ukraine crisis. As the war goes on, the Russia-linked attack is likely going to continue as indicated by the series of threats coming from Conti and Killnet groups. Cybersecurity researchers have advised organizations and government institutions to brace up and provide a more secure environment to mitigate the threats.