The pro-Russia threat-actor group Killnet took credit for a distributed denial-of-service attack on internet services in Lithuania. Killnet said its attacks were in response to the ban of shipments by Lithuania to the Russian exclave of Kaliningrad.

The Secure National Data Transfer Network is one of the critical components of Lithuania's strategy on ensuring national security in cyberspace and was disrupted by the flood of malicious traffic. The country's Core Center of State Telecommunications identified the sites most affected in real time and then worked with international web service providers to mitigate the effects of the attack.

"It is highly probable that such or even more intense attacks will continue into the coming days, especially against the communications, energy, and financial sectors," said the acting director of the National Cyber Security Center of Lithuania. Website defacements and other destructive attacks are on the way.

Leaving much to be desired

The attacks came as members of Killnet took to forums on Telegram to boast of the attacks and condemn the Lithuanian government for blocking shipments of some goods to Kaliningrad, which is wedged between Lithuania and Poland and connected to the rest of Russia by a rail link through Lithuania.

One message said that the Lithuanian authorities should withdraw their decision to ban the transit of Russian cargo from the Kaliningrad region to Russia. The websites for four airports in the country were not functional. Thanks to our attacks, they are only available from the addresses in Lithuania.

The government of Lithuania didn't reply to a request to comment.

Ever since the lead-up to Russia's invasion of Ukraine in February, a host of hacks have come from groups aligned with both sides. In January, for instance, hacktivists in the pro-Russian country of Belarus said they infected the network of the country's state-run railroad system with ransomware and would provide the decryption key only if Belarus President Alexander Lukashenko stopped aiding Russian troops ahead of a possible invasion of Ukraine. Hackers working for or in allegiance with Russia, meanwhile, have unleashed wiper malware dubbed AcidRain that was used in a cyberattack that sabotaged thousands of satellite modems used by Viasat customers.

Judgment day

Since the beginning of Russia's invasion, Killnet has been posting claims of attacks on the websites of Lithuania. Police departments, airports, and governments have been targets. Researchers wrote on Monday:

On June 25, Flashpoint analysts observed chatter regarding a plan for a mass-coordinated attack to take place on June 27, which Killnet referred to as “judgment day.” Flashpoint analysts assess with high confidence that the attacks reported on today are the attacks Killnet had planned prior. Smaller attacks have also been observed prior to June 27, including one that took place on June 22, according to our intelligence. Flashpoint analysts assess with high confidence that, based on ongoing chatter regarding Lithuania on Killnet-affiliated Telegram channels that took place over the last week, Killnet made Lithuania its target after the Baltic government closed transit routes to Russia’s Kaliningrad region on June 18.

Notably, in a post from June 26, 2022, Killnet labeled Lithuania a “testing ground for our new skills” and additionally said that their “friends from Conti” are eager to fight, likely pointing to a connection between Killnet and Conti, a ransomware collective that also expressed their allegiance to Russia at the beginning of Russia’s invasion of Ukraine.

There isn't much information about the strength or source of the attacks. Flooding websites with more traffic than they can handle causes them to become unresponsive.