A non-government association of Russian hackers has taken responsibility for a hacking campaign in Lithuania that has seen primarily government services hit by distributed denial of service (DDoS) cyber attacks.
The Russian hackers have issued statements indicating that the DDoS campaign was launched due to Lithuania’s stoppage of train routes to Kaliningrad, an isolated province of Russia that is disconnected from the rest of the country. Lithuania says that this was done in order to comply with EU sanctions on the country levied due to its invasion of Ukraine.
Russian hackers, cyber attacks not clearly linked to Russian government
The Russian hackers describe themselves as a collective called “Killnet,” something roughly comparable to the “Anonymous” volunteer hacker army that has jumped into the fray on behalf of Western nations. The cyber attacks are not the first action this group has taken in support of Russia’s actions in Ukraine. It has been linked to DDoS attempts on a variety of countries that have provided support to Ukraine or participated in sanctions on Russia, including an attempted cyber attack on the servers hosting the Eurovision Song Contest website in Italy as the Ukraine team was taking the stage.
Killnet seems to have had little impact with its cyber attack campaign as of yet, however, other than forcing certain websites offline for short periods of time. Lithuanian officials have described the DDoS attacks the group claims credit for as having “minor impact” and that it has stepped up cyber response staffing.
Will the Killnet attacks be limited to DDoS attempts?
It remains to be seen how the Russian government will handle the situation in Lithuania, which has cut off one of its provinces almost entirely from sanctioned materials such as metals and coal. The country is a NATO member, and despite some public bluster Russia has steered well clear of involving the alliance in the war. Killnet is apparently a free actor, but a big enough attack could shine a spotlight on Russia’s generally permissive attitude toward cyber criminals operating within its borders.
Killnet claims that it has hit nearly two thousand “web resources” in Lithuania, though the most significant damage thus far appears to be taking a government tax agency’s site offline for a short amount of time. The group has reportedly been making DDoS attempts in the country since June 21 but has yet to cause any significant known damage.
Lithuania has nevertheless issued a warning to its residents about the ongoing cyber attacks, telling its people to expect DDoS attempts to continue against transportation, finance, and energy companies along with government entities. Killnet has also been linked to similar actions in the Czech Republic, Italy, Moldova and Romania, though it seems to have focused on Lithuania since June. Killnet name-dropped their “friends” in the Conti ransomware gang in reference to possible future actions, but Conti has since disbanded in a bid to evade international law enforcement attention. Some Russian hackers in the criminal arena have flown a patriotic flag in support of Russia by pledging cyber attacks on its behalf, but they usually find themselves quickly sanctioned by Western nations when they do and scrambling to keep payments from victims from slowing down.