On June 23, the Lithuanian Cyber Security Center (NKSC) announced an increase in distributed denial of service (DDoS) attacks that were “leading to temporary disruptions of services” impacting public authorities and the transport and finance sector in Lithuania. On June 25, Killnet, a pro-Kremlin hacker collective, claimed responsibility for the attack, saying it was carried out to pressure Lithuania to reverse a ban on Russian goods being transported through the country.
Killnet had threatened that more intense cyberattacks would take place on June 27. By noon on June 27, Killnet claimed “1,089 Lithuanian web resources are disabled due to local ISP [internet service provider] failure.” The post did not name any provider and said to wait for official sources to comment on the disruption. The DFRLab did not find any Lithuanian media reporting on internet provider disruptions. The next day, Killnet claimed that “In 39 hours, we achieved the isolation of 70 percent of the entire Lithuanian network infrastructure.”
The claims from Killnet appear to be exaggerated. The DFRLab reviewed Killnet’s Telegram channel and identified 16 instances, between June 27 and 29, where the hacker group claimed to have taken down websites. When the DFRLab reviewed the websites on June 30, 14 were online. On June 30, Lithuanian police announced an investigation into the disruption of “more than 130 websites” between June 20 and June 29. This figure is nine times less than the figure published by Killnet on June 27.
Giedrius Meskauskas, a cyber security expert in Lithuania, published an op-ed piece in a regional news outlet saying that “these attacks are like if a gang of teenagers were running through the district at night, say, pouring five liters of fuel from each car. Unpleasant? Yes. For those for whom it was the last five liters of fuel, it is very unpleasant. Those who had a full tank of fuel would probably not even notice the incident.” Meshkauskas explained that “DDoS attacks are unpleasant, but one of the most primitive means of cyber warfare that can affect a limited amount of time and actually do no greater damage to an organization’s IT resources.”
Report prepared and first time published on the Atlantic Council web page. Author Nika Aleksejeva, Lead Researcher, Riga, Latvia
Cover illustration: Killnet / Source Ixbt.com