A cyber attack on Monday disrupted the operations of some public authorities and businesses in Lithuania. Officials said on Monday afternoon that the major incidents were contained, but warned that attacks might continue.
According to the National Cyber Security Centre, the targets of the intense cyber attacks included the Secure National Data Transfer Network and other Lithuanian state institutions, as well as private businesses.
A group calling itself Killnet and associated in the cyber world with Russia has claimed responsibility for the attack. It keeps posting information on its Telegram account about planned and executed Distributed Denial of Service (DDoS) attacks.
Attacks contained
The National Cyber Security Centre said on Monday afternoon that the major attacks had been contained and all Secure Network services were available.
“These attacks have been going on since last week. They were smaller in scale. Today they were larger in scale, perhaps targeting the public sector more,” Jonas Skardinskas, the centre’s acting director, told reporters in Vilnius.
The official did not give an exact number of affected institutions, as reports of attacks were still coming in.
“According to preliminary data, the websites of [the electricity grid operator] Litgrid and Lietuvos Geležinkeliai [Lithuanian Railways, LTG] were the most affected last week. Today, the most affected are the State Tax Inspectorate [VMI] and the networks of the telecommunication centre,” said Skardinskas. “There were also temporary disruptions to accounting services.”
The centre’s head said “there has been no serious, long-term damage”.
According to Skardinskas, what makes the attack different from other cyber attacks is its duration.
“It is not large in scale, but it has been lasting for quite a long time, well over a week. And I think it will go on for a while,” he said.
Experts also warn that destructive, data encryption attacks will increase in the coming days, and that there is a high probability of website content modification attacks as well.
Service disruptions
In a video message, Killnet says it has launched the attacks in retaliation for the restrictions imposed by Lithuania a week and a half ago on the transit of some goods to Russia’s Kaliningrad exclave.
After EU sanctions on Russia took effect, Lithuania restricted the transit of steel and ferrous metals to Kaliningrad, a move it said was based on clarification from the European Commission.
The tax inspectorate, VMI, on Monday put its IT systems on hold for security concerns after recording “an unusually high number of logins”.
“Please be advised that VMI customers’ data is secure,” the tax authority said. “The VMI website, the My VMI system and telephone services are currently down.”
Evelina Gudzinskaitė, director of the Migration Department, confirmed to BNS on Monday that information system disruptions were causing delays in the issuing of passports and residence permits.
“We are having problems with uploading and updating information on our website, but the worst thing is that our internal systems, such as the passport system, are currently experiencing disruptions,” the director said.
“Queues can form and some clients may not be served in time,” she added.
In the afternoon, the Migration Department said that information system disruptions had been resolved and passport issuance had returned to normal.
‘We are under attack’
Tadas Vasiliauskas, spokesman for Lietuvos Oro Uostai (Lithuanian Airports, LOU), confirmed to BNS that the state-owned company’s websites had experienced some disruptions.
“We have some disruptions, but everything is functioning. Our systems are functioning,” he said.
The BSS business management system implementation and maintenance services provider BSS IT said its website was down for several hours.
“We know from the public space that there is a risk and we are under attack. Our website, where we publish information, has been attacked,” said Nerijus Jankauskas, the company’s CEO, on Monday.
In its Telegram account, the Killnet group identified websites of businesses providing document management system services as its targets.
The Lithuanian National Cyber Security Centre last week warned about an increase in DDoS incidents. State-owned LTG then said it had been hit with cyberattacks.
Prime Minister Ingrida Šimonytė said on Monday that similar attacks had been recurring since Russia’s invasion of Ukraine in February.
Newsletter
Every Friday morning.
