Cyber Incident Victim: Lithuania

On December 9, 2020, Lithuania experienced a coordinated cyberattack targeting 22 public sector websites, primarily operated by regional municipalities. Attackers breached multiple content management systems to publish fabricated articles containing disinformation. One false story appeared on the State Border Guard Service (VSAT) website, alleging the detention of a Polish diplomat carrying illegal drugs, weapons, and money at the Lithuanian border. Another fraudulent article claimed corruption was uncovered at Šiauliai airport, which hosts NATO’s Baltic air-policing mission. A third piece of misinformation exaggerated military conscription statistics to suggest higher draft numbers than reality. Following the website compromises, attackers launched an email spoofing campaign impersonating Lithuania’s defense and foreign ministries along with Šiauliai Municipality Administration, disseminating links to the falsified articles to amplify their reach.

Lithuanian Defense Minister Arvydas Anušauskas characterized the incident as one of the "biggest and most complex" cyberattacks against the nation in recent years, noting it occurred on the eve of a government transition and was "prepared in advance with a goal in mind." The National Cyber Security Centre (NKSC) under the Defense Ministry investigated the incident, confirming most compromised websites belonged to municipal administrations. Anušauskas publicly highlighted "huge gaps in public sector cybersecurity" following the attack. In response, the NKSC issued cybersecurity recommendations to municipalities, including proactive vulnerability assessments, restricted access to content management systems, firewall implementation, and enforcement of stronger password policies to prevent similar breaches. The attack demonstrated operational sophistication through its multi-vector approach combining website defacement with coordinated disinformation dissemination via spoofed government channels.