Cyber Incident Victim: Lithuanian Ministry of Foreign Affairs
Date: Nov 2021
Location: Lithuania
Summary
A threat actor offered for sale a cache of approximately 1.6 million emails allegedly stolen from the Lithuanian Ministry of Foreign Affairs, containing sensitive diplomatic correspondence and documents marked as classified. The data, claimed to include secret negotiations, discussions about U.S. political affairs, and strategic preparations involving Belarus, was advertised with sample documents and a verified list of diplomatic personnel. The breach was later linked to a prior cyberattack attributed to Russian actors, with the country's president confirming classified information had been exfiltrated. The institution declined to authenticate the leak but characterized it as an information operation by hostile nations. The seller increased the asking price amid reported buyer interest in the decades-spanning email archives.
Description
In November 2020, the Lithuanian Ministry of Foreign Affairs suffered a cyberattack attributed to Russian threat actors, though the breach was not publicly disclosed at the time. Attackers exfiltrated approximately 1.6 million emails containing sensitive and highly sensitive diplomatic communications, documents, and attachments spanning up to 10 years of correspondence. The stolen data included 102 PST files converted from OST backups, totaling roughly 300GB, with content allegedly involving Lithuanian diplomatic personnel across multiple embassies, including representatives from the embassy in Georgia. On August 12, 2021, a seller advertised this cache on a data-trading forum, leaking sample documents and a list of ministry employees to demonstrate authenticity. The seller made unverified claims that the emails contained evidence of secret negotiations, conspiracies against U.S. President Biden, and preparations for conflict with Belarus. BleepingComputer verified that some names on the leaked employee list corresponded to actual Lithuanian diplomats. Forum users expressed interest in purchasing the data, prompting the seller to raise the asking price due to increased demand.

The Lithuanian Ministry of Foreign Affairs declined to confirm or comment on the breach’s authenticity in an August 12, 2021 statement, characterizing the incident as an "information attack by unfriendly countries." President Gitanas Nausėda later confirmed that evidence showed classified information had been stolen during the November 2020 intrusion. The compromised data posed significant risks due to its inclusion of marked sensitive documents and diplomatic correspondence, potentially exposing strategic negotiations and operational details. No containment measures or technical remediation steps were disclosed by the ministry. The incident highlighted persistent threats to diplomatic entities and the delayed public acknowledgment of breaches involving national security assets.
