Russia-linked ‘cyber collective’ Killnet has claimed responsibility for DDoS attacks Mon. on the Lithuanian Govt. & other bodies in the Baltic country, over closure of transit routes within the Russian exclave of Kaliningrad, according to researchers.
The threat group warns that it will keep up attacks until the issue is resolved.
Cyber collective Killnet claims it will not stop until the Baltic country opens trade routes to & from the Russian exclave of Kaliningrad.
Intense & Ongoing
On Mon., Lithuania’s National Cyber Security Centre (NKSC) under their Ministry of National Defence warned of intense & ongoing DDoS attacks against Lithuania’s Secure National Data Transfer Network as well as other govt. institutions & private companies.
The attacks, which the govt. expects to be ongoing as well as target other critical infrastructure in Lithuania disrupted access to services of users of the secure data network, the NKSC explained in a public statement.
“It is highly probable that such or even more intense attacks will continue into the coming days, especially against the communications, energy & financial sectors,” Jonas Skardinskas, acting NKSC director & head of Cyber Security Management Dept., outlined in a statement.
Motivation
Russia-based Killnet apparently launched the attacks in response to the Lithuanian Govt’s announcement on June 18 that it would close routes between the Baltic country & the Russian exclave of Kaliningrad for transport of steel & other metals, according to Flashpoint, which published a blog post by the Flashpoint team on the attacks on Mon.
“These train routes, according to the Russian Govt., are essential in bringing in at least half of the exclave’s imports, prompting Russian officials to label the move as a ‘blockade’ & warn of a harsh retaliation,” a Flashpoint spokesperson wrote.
Justified the Closure
Meanwhile, Lithuania has justified the closure as a necessary requirement to fulfil the obligations of European Union (EU) sanctions against Russia for its invasion of Ukraine in late Feb., where the war is ongoing.
On its Telegram channel, Killnet claimed that it would stop the attacks as soon as the Lithuanian Govt. reinstates transit routes with Kaliningrad, according to Flashpoint.
A spokesperson for Killnet group also told Reuters it plans to continue attacks until the blockade is lifted, adding that it has already “demolished 1652 web resources & that’s just so far.”
Political Weapon
There was some warning before the attacks that they were imminent, according to Flashpoint. DDoS attacks have been a typical weapon of choice for Russian cyber players since Russia’s invasion of Ukraine, with Russian threat players using them both before the war on the ground started & after, alongside other cyber-attacks to support military operations.
In 2022 alone, Killnet reportedly already has targeted Romania, Moldova, Czech Republic & Italy with cyber-attacks.
“On June 25, Flashpoint analysts observed chatter regarding a plan for a mass-coordinated attack to take place on June 27, which Killnet referred to as ‘judgment day,’” researchers wrote in the post. In retrospect, they suggested that this conversation was likely a reference to Mon.’s attacks.
Retaliation
Flashpoint researchers also observed smaller attacks prior to Mon., including one that took place on June 22, they stated. This seems to support Killnet’s claim that the attacks were in retaliation to the closure of transit routes to Kaliningrad, researchers wrote.
It also seems that Killnet is using the attacks against Lithuanian as a proving ground for new tools & tactics and even may be gearing up to team up with the Conti ransomware gang, according to Flashpoint.
Testing Ground
In a post from June 26, Killnet labelled Lithuania a “testing ground for our new skills” & mentioned that their “friends from Conti” are eager to fight.
This grouping would make sense, because both groups had already expressed an allegiance to Russia at the beginning of the group’s invasion of Ukraine, researchers explained.
It is clear now that cyber-attacks will be used as a frequent weapon—although not necessarily a deadly one–for the world’s military powers, either besides a physical war or to support a political stance, one security professional noted.
Espionage Tools
“Every significant military power in the world has developed cyber capabilities that have evolved from espionage tools into full-fledged weapons to be used as part of a co-ordinated military response,” observed Chris Clymer, Director & CISO of Inversion6.
“Targeting another country with these arguably constitutes an act of war, but one less severe than kinetic attacks with missiles & tanks. This harassment will continue.”