Russian cybercriminal group Killnet has claimed responsibility for a cyberattack that disrupted government systems in Lithuania. The group said the distributed denial of service (DDoS) attack, which also affected some Lithuanian businesses, is in retaliation for Lithuania’s blockade preventing goods passing from Kaliningrad, a Russian enclave, through its borders to the rest of the country.

The attack is the latest in a string of DDoS attacks on targets on either side of the Russia-Ukraine conflict. So far, however, more destructive cyberattacks have been less prevalent than many analysts had predicted.

Kaliningrad
Kaliningrad is an enclave connected to the rest of Russia through Lithuania, and home to Russia’s fleet in the Baltic sea. (Photo by castenoid / iStock)

Earlier today, Lithuanian media reported that multiple government departments and businesses were being subjected to a DDoS attack.

Speaking to Reuters, a spokesperson for Killnet said: “The attack will continue until Lithuania lifts the blockade. We have demolished 1,652 web resources. And that’s just so far.”

Why is Killnet targeting Lithuania?

Earlier this month, Lithuania imposed a blockade restricting the transport of steel and other metals between Kaliningrad and the rest of Russia through its borders. Russia’s naval fleet in the Baltic sea is based in Kaliningrad.

Lithuania’s government has said it is simply adhering to EU sanctions against Russia, but Moscow – and other observers – have warned the move risks escalating the war in Ukraine.

Today, the country’s state-owned airport said its systems had been disrupted but continued to operate. The Lithuania tax department said its website and phone systems were down but reassured citizens that their data was secure. And the immigration department said that passport applications had been slowed down by the DDoS strikes.

Lithuania’s Prime Minister Ingrida Šimonytė told reporters that the country had been subjected to DDoS attacks since Russia’s invasion of Ukraine in February. “This is not something new,” she said.

What is Killnet?

Killnet is a cybercrime group that is sympathetic to Russia. It emerged earlier this year as a DDoS-as-a-service tool, allowing customers to rent botnet access for $1,350 a month, according to researchers at threat intelligence provider Recorded Future.

After the start of the war, however, the group behind the service turned to politically motivated hacktivism in support of Russia. In April, it was identified by the Five Eyes security alliance as one of a group of cybercriminal gangs that had lent their backing to Vladimir Putin’s regime.

That month, it claimed responsibility for a string of DDoS attacks on Romania’s government and in May the hacking group ‘declared war’ on ten countries, including the US, UK, Lithuania and Romania.

Russia’s invasion of Ukraine has been accompanied by a number of DDoS attacks on targets on either side of the conflict. Hacktivist group Anonymous has claimed responsibility for DDoS attacks on various Russian targets, including state-run media company RT.

Destructive cyberattacks providing tactical support to military operations have not been as prevalent as many analysts had predicted, however. This may be because the opportunities to execute such attacks are hard to come by, experts told Tech Monitor last week, and because Russia might be reluctant to use up its stockpile of zero-day vulnerabilities.

Read more: The war in Ukraine is showing the limits of cyberattacks