The targeted attack on Lithuania started on June 20. Over the next 10 days, websites belonging to governments and businesses were bombarded with DDoS attacks, overloading them with traffic and taking them offline. “Usually DDoS attacks focus on one or two targets and generate huge traffic,” said Jonas Skardinskas, acting director of the Lithuanian National Cyber Security Center. But this was different.
Days before the attack, Lithuania blocked the shipment of coal and metals through its territory to the Russian territory of Kaliningrad, further bolstering its support for Ukraine in the conflict with Russia. The pro-Russian hacking group Killnet posted “Are you crazy, Lithuania? 🤔” to its 88,000 followers on its Telegram channel. The group then called on hacktivists, naming a few other pro-Russian hacking groups, to attack Lithuanian websites. A target list was shared.
Skardinskas explained that the attacks were continuous and spread to all areas of Lithuanian daily life. According to the Lithuanian government, more than 130 public and private sector websites were “blocked” or inaccessible. These Killnet-related attacks have largely ceased since early July, and the government has launched a criminal investigation, Skardinskas said.
The attacks are just the latest wave of pro-Russian “hacking” since Vladimir Putin’s war began in February. In recent months, Killnet has targeted a growing number of countries that support Ukraine but are not directly involved in the war. Attacks on German, Italian, Romanian, Norwegian, Lithuanian, and US websites were all linked to Killnet. The group has declared war on 10 countries. The targeting usually occurs after a country provides support to Ukraine. Meanwhile, another pro-Russian hacking group, XakNet, claims to have targeted Ukraine’s largest private energy company and the Ukrainian government.
While security experts often warn that attacks from Russia could target Western countries, the efforts of volunteer hacking groups could have repercussions even without official state support or implementation. “They must be doing these attacks with malicious intent,” said Ivan Righi, senior cyber threat intelligence analyst at Digital Shadows, a security firm that researches Killnet. “They are not working with Russia, they are supporting Russia.”
Killnet started out as a DDoS tool and was first discovered in January of this year, Righi said. “They were promoting this app or this website where you could rent a botnet and use it to launch a DDoS attack.” But when Russia invaded Ukraine in late February, the group changed course. Righi said the vast majority of efforts by Killnet and its “Legion” group (members of the public who are asked to join and launch attacks) are DDoS attacks, but he has also seen the group linked to some website defacements, and the group itself has not confirmed claims that it stole data.