Cyber Incident Victim: Lithuania
Date:
Jun 2022
Location:
Lithuania
Summary
A pro-Russia hacking group known as Killnet claimed responsibility for an intense cyberattack targeting government agencies and private firms in Lithuania, reportedly in retaliation for the country's blockade of certain goods to the Russian enclave of Kaliningrad. The distributed denial-of-service (DDoS) attacks disrupted parts of the Secure National Data Transfer Network, a critical communications infrastructure designed to withstand crises, impacting service access for some users. The nation's cybersecurity center warned that similar or more severe attacks were highly probable in subsequent days, particularly against communications, energy, and financial sectors. The incident reflects broader hacktivist activities linked to geopolitical tensions following Russia's invasion of Ukraine.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 27, 2022, Lithuania’s Defense Ministry reported an intense and ongoing cyberattack targeting government agency and private company websites. The attacks disrupted part of Lithuania’s Secure National Data Transfer Network, a critical communications infrastructure designed to function during crises, rendering some government officials unable to access services. The pro-Russian hacking group Killnet claimed responsibility for at least a portion of these disruptions, explicitly linking their actions to Lithuania’s blockade of certain goods transiting to Kaliningrad, a Russian exclave bordered by Lithuania and Poland. Lithuania’s National Cyber Security Centre (NKSC) confirmed the attacks involved distributed denial-of-service (DDoS) techniques, which overwhelm websites with artificial traffic to force outages. Acting NKSC Director Jonas Skardinskas warned that similarly severe or intensified attacks were highly probable in subsequent days, particularly against Lithuania’s communications, energy, and financial sectors.
The incident occurred amid heightened cyber tensions following Russia’s full-scale invasion of Ukraine in February 2022, which had spurred reciprocal hacking campaigns between pro-Ukrainian and pro-Russian groups. Killnet’s attack aligned with a pattern of suspected non-state "hacktivist" operations leveraging DDoS for political retaliation. Lithuania, a NATO member, had no immediate publicized assistance from the alliance confirmed in the initial response phase, though NATO nations had been on alert for such incidents. The NKSC focused on restoring the Secure Data Transfer Network’s functionality while monitoring for further disruptions. No collateral damage to other critical infrastructure or specific private sector entities was detailed in initial reports, though the targeting scope suggested broader systemic risks. The disruption underscored Lithuania’s vulnerability to geopolitical spillover in cyberspace, particularly as it enforced EU sanctions affecting Russian interests.