Un grupo de hackers leales al Kremlin, el colectivo KILLNET, lanzaron ataques distribuidos de denegación de servicio (DDoS) contra instituciones gubernamentales lituanas y empresas privadas en un intento de obligar a la nación a retirar las sanciones a nivel de la UE contra Rusia.
Russia-affiliated hacker group Killnet took down several Lithuanian government websites in response to the Baltic country following EU sanctions.
Threat actors loyal to the Kremlin, the Killnet collective, launched distributed denial-of-service (DDoS) attacks against Lithuanian government institutions and private businesses in an attempt to muscle the nation into dropping EU-level sanctions against Russia.
Killnet released a video message on the group’s Telegram account demanding Lithuania allow the transit of goods to Kaliningrad or the Baltic nation will be continuously attacked.
Jonas Skardinskas, the head of cybersecurity at the Lithuania’s National Cyber Security Center (NCSC) warned that the disruptions might continue for several days with transport, energy and finance sectors feeling the brunt of the attacks.
At the time of publishing this article, the website of Lithuania’s State Tax Inspectorate (STI) was displaying a failure notice. One of the nation’s largest accounting service providers, B1.lt, was also down. Local media reported that STI has put internal IT systems on hold for ‘security concerns.’
The NCSC said that threat actors are targeting country’s Secure public data transmission network with ‘intensive DDoS attacks.’ Authorities are working with affected businesses to mitigate the disruptions and restore services. Authorities also expect an increase in ransomware attacks.
Killnet boasted of attacking Lithuania’s e-government services and the website of the country’s police. However, both were fully functional at the time of publishing. The group also said its attacks disrupted several websites that provide accounting services in the country. Taking down accounting services and STI’s page for declaring tax duty can become an inconvenience for businesses that need to pay their taxes at the end of the month.
Russian hackers have continued attacking Lithuanian website’s throughout Monday. Users with IP addresses outside Lithuania experienced issues with Lithuanian airport websites while some could not connect to websites of financial service providers. Killnet boasted attacking over a thousand Lithuanian websites, repeating the demands drop EU sanctions against Russia.
Websites of major telecommunication services providers were also affected by the DDoS attack with some loading unusually slow and other not loading at all. The group also targeted a platform for purchasing cross country bus tickets as well as website of the Supreme Court of Lithuania.
Lithuania’s cyber watchdog noted an increase in DDoS attacks against the country last Friday, saying that threat actors targeted government agencies, transport, and finance sectors.
Attackers disrupted the website of the Lithuanian Railways, preventing passengers from purchasing train tickets online. It’s not clear whether the attacks NCSC announced are related to Killnet.
Lithuania, a NATO and EU member, borders Kaliningrad, the Russian exclave wedged between Lithuania and Poland. Freight transport from the Russian mainland reaches Kaliningrad via Lithuanian territory. This route has been made difficult to complete for some good amidst EU sanctioning Russia for starting a war against Ukraine.
While Russian officials threatened Lithuania, the nation’s leaders responded that the sanctions are imposed by the EU, not by Lithuania alone.
Crooks turned crusaders
The attack against Lithuania is hardly the first one Killnet has performed. The group has unsuccessfully tried to disrupt the Eurovision song contest, from which Russia was banned over the war in Ukraine.
Government websites in Italy, Romania, Germany, as well as websites in Czechia, Latvia, and elsewhere were under Killnet’s cyber fire. The pro-Russian group has declared war against NATO and countries that support Ukraine.
When it debuted at the beginning of the year, Killnet was not even the name of an outfit – rather it was the moniker given to a distributed denial of service (DDoS) tool offered at a price to other threat actors.
The group tried to rent botnets that had a capacity of 500GB per second for $1,350 per month. After Russia invaded Ukraine and hackers from around the world flocked to help the country defend against Moscow’s invasion, Killnet refocused and started hacktivism in support of Russia.
Competing hacker groups launched numerous attacks after Russia invaded Ukraine. Anonymous, Ukraine’s IT Army, Hacker Forces, and many other hacktivist groups started targeting Russia’s state-owned enterprises and businesses.
According to the United Nations, the Russian invasion of Ukraine has created the ‘fastest-growing refugee crisis in Europe since World War II.’ Over 12 million people were displaced due to the conflict in a nation with 44 million residents.
Witness testimonies from Ukrainian towns Russian forces have occupied for close to a month point to severe human rights violations and targeted lethal attacks against civilians. Reports of «gross and systematic violations and abuses of human rights» got Russia suspended from the UN Human Rights Council.