Russian Hackers Declare War on Lithuania — Killnet DDoS Panic

NATO member Lithuania is under attack from Russian hacking group Killnet. The attacks have been going on for the past week.

The DDoS attempts haven’t caused much disruption, but the situation raises serious concerns over Russia’s use of cyber warfare against NATO states. Of course, that’s assuming the attack really is state-sponsored and not some sort of patriotic stunt by a wholly independent group. Cough-cough.

You know what they say about assuming? In today’s SB Blogwatch, we eschew whataboutism.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Sham Chaurasi Gharana RHCP.

NATO Member Attacked

What’s the craic? Andrius Sytas and Guy Faulconbridge report—“Russian group claims hack of Lithuanian sites in retaliation for transit ban”:

Kaliningrad is sandwiched
Lithuania’s tax authority said in a statement it had halted all activities due to an unusually large number of attempts to connect to its systems, although all data was safe. … Russian hacker group Killnet claimed responsibility for … a distributed denial of service (DDoS).

“The attack will continue until Lithuania lifts the blockade,” a Killnet spokesperson said. [They] claimed the attack was retaliation for Vilnius’s decision to cease the transit of some goods under European Union sanctions to Russia’s Kaliningrad exclave.

Kaliningrad is sandwiched between EU and NATO members Poland and Lithuania and supplied by rail via Lithuanian territory. … Lithuania had begun to see signs of an attack as early as June 21.

I thought I felt some déjà vu. Bill Toulas jumps back a few days—“Lithuania warns of rise in DDoS attacks”:

Extensive guidance
The National Cyber Security Center (NKSC) of Lithuania has issued a public warning about a steep increase in … DDoS attacks directed against public authorities … rendering the hosted sites and services inaccessible for legitimate visitors and users. … Lithuania’s transportation agencies, financial institutions, and other large entities have experienced temporary service disruptions.

The agency provided … extensive guidance on defending against all types of DDoS attacks used by threat actors today. … “The NCSC urges all managers of critical information infrastructure and state information resources to take additional security measures and to follow the NCSC recommendations for protection against service disruption attacks.”

Was there some kind of specious “reason” for the attacks? Vilius Petkauskas explains—“Killnet hits Lithuania over EU sanctions”:

Killnet is not even the name of an outfit
Kaliningrad [is a] Russian exclave wedged between Lithuania and Poland. Freight transport from the Russian mainland reaches Kaliningrad via Lithuanian territory. This route has been made difficult to complete for some goods, amidst EU sanctioning Russia for starting a war against Ukraine.

The attack against Lithuania is hardly the first one Killnet has performed. … The pro-Russian group has declared war against NATO and countries that support Ukraine. … The group has unsuccessfully tried to disrupt the Eurovision song contest, from which Russia was banned. … Killnet is not even the name of an outfit – rather it was the moniker given to a … DDoS tool offered … to other threat actors: … 500GB per second for $1,350 per month.

OK, so it’s not the name of the group? Even though that’s what they call themselves? u/FunnyMustache doesn’t care:

“Killnet” as a name for a hacker group is as bad [as] “Taserface” for a Ravager … if not worse.

How should we protect ourselves? RickRoyLeonPrisZhoraRachael advocates disconnecting Russia:

Russia wants its own internet? Then give it to them. Cut them off from the free-world net. Cut their cables, pursue France’s satellite dish operations they use, and expose others that they piggy back on.

They want a war? They can have … 404.

But DrXym is more “buy side”:

Train your staff, protect your network even if it inconveniences you (e.g., splitting accounts, development, marketing into separate siloed subnets), perform regular backups (which don’t overwrite previous backups), keep your software up to date, hire people whose job it is to take this stuff seriously, get rid of software that may compromise your network (e.g., Kaspersky), and be vigilant. … Produce security guidelines, conduct security audits on internal networks and services as well as critical infrastructure providers (energy, health, infrastructure, etc.), and require the same of all suppliers.

None of it is rocket science. And hopefully the last few years of … attacks have acted as a clue.

Something should have been done earlier, argues u/stormingrages:

This is an act of war. We can’t keep allowing Russia to act as it likes. Something should have been done after the cyberattacks on Estonia, honestly. [But it was] ignored, even though it should have thrown up massive red flags internationally.

Time for more radical action? gamerk2 thinks so:

At some point, we’re going to have to question the wisdom of our entire infrastructure being connected to the same network as Russia/China. At this point, I think it’s time to seriously consider breaking up the Internet; dictatorships have already locked it down at their end, and there’s no justification for allowing them to continue to gain access to our networks.

But what of Lithuania? u/gamer_jacksman sounds slightly cynical:

The politicians in Lithuania are selling out their country to be a sacrificial pawn. There must be a deal that the West promises to give Lithuania “aid” in exchange for poking the Russian bear. And when the **** hits the fan, all those politicians will bail out with their “aid” and leave Lithuania a smoldering war-torn hellhole.

Meanwhile, OldLadyJosie is disgusted:

Meanwhile, Russia bombed a mall in Ukraine … killing civilians and adding another tally to the war crime count. It’s so disgusting, but I’m glad Lithuania is standing up to them. We all should be—period.

And Finally:

Nooran Sisters vs. Andre

Hat tip: FeralCatMan

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Justina Leipuviene (via Unsplash; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
