Lithuania warns of rise in DDoS attacks against government sites

DDoS attack

The National Cyber Security Center (NKSC) of Lithuania has issued a public warning about a steep increase in distributed denial of service (DDoS) attacks directed against public authorities in the country.

DDoS is a special type of cyberattack that causes internet servers to be overwhelmed by a large number of requests and garbage traffic, rendering the hosted sites and services inaccessible for legitimate visitors and users.

According to NKSC, due to these cyberattacks, Lithuania’s transportation agencies, financial institutions, and other large entities have experienced temporary service disruptions.

“The NCSC urges all managers of critical information infrastructure and state information resources to take additional security measures and to follow the NCSC recommendations for protection against service disruption attacks,” advises the public notice.

The agency provided a link to a PDF containing extensive guidance on defending against all types of DDoS attacks used by threat actors today, so system administrators are advised to apply the recommended mitigations.

At this time, there are no reports of severe problems or high-impact disruptions coming from the country, but some services like those of the Lithuanian Railways are facing problems with ticketing and client communications.

Possible Russian retribution?

On June 21, 2022, a Russian group of hacktivists called “Legion – Cyber Spetsnaz RF” posted on Telegram declaring cyberwar against many Lithuanian organizations.

The listed entities include large banks, logistic companies, internet providers, airports, energy firms, mass media groups, and various state and ministry sites.

Cyber Spetsnaz announcing Lithuanian targets
Hackers announcing Lithuania targets

The large number of listed websites could be spreading the group’s available DDoS firepower too thin, as these hacktivist operations rely on volunteers who use the provided tools to generate and send requests to the targets.

This particular group of actors is an offshoot of the Killnet group, which became notorious for attacking Romanian government websites in April and Italian state platforms in May 2022.

Russian hackers hit Lithuanian sites with DDoS attacks because the country’s government imposed a limited goods transportation blockade between Russia and the Kaliningrad exclave as part of EU sanctions.

The Kremlin perceived this move as extraordinarily aggressive and illegal, and the hacktivists who support the Russian government were quick to orchestrate and launch cyberattacks against Lithuania.