Russian ‘hacktivists’ cause problems far beyond Ukraine
The attacks against Lithuania started on June 20. For the next 10 days, government and corporate-owned websites were bombarded with DDoS attacks, overloading them with traffic and forcing them offline. “Usually DDoS attacks are concentrated on one or two targets and generate huge traffic,” says Jonas Sakrdinskas, acting director of Lithuania’s National Cybersecurity Center. But this time was different.
Days before the attacks began, Lithuania blocked the transport of coal and metal through its territory to the Russian territory of Kaliningrad, further bolstering its support for Ukraine in its conflict with Russia. The pro-Russian hacker group Killnet posted “Lithuania are you crazy? 🤔” on its 88,000-subscriber Telegram channel. The group then called on hacktivists – citing a number of other pro-Russian hacking groups – to attack Lithuanian websites. A list of targets was shared.
The attacks, says Sakrdinskas, were continuous and spread into all areas of daily life in Lithuania. In total, more than 130 public and private sector websites have been “hampered” or made inaccessible, according to the Lithuanian government. Sakrdinskas says the attacks, which were linked to Killnet, have mostly declined since early July and the government has opened a criminal investigation.
The attacks are just the latest wave of pro-Russian “hacktivist” activity since Vladimir Putin’s war began in February. In recent months, Killnet has targeted a growing list of countries that have supported Ukraine but are not directly involved in the war. Attacks on websites in Germany, Italy, Romania, Norway, Lithuania and the United States have all been linked to Killnet. The group has declared “war” on 10 nations. Targeting often occurs after a country has offered support to Ukraine. Meanwhile, XakNet, another pro-Russian hacktivist group, claimed to have targeted Ukraine’s largest private energy company and the Ukrainian government.
While security experts have frequently warned that attacks from Russia could target Western countries, the efforts of volunteer hacktivist groups can have an impact without being officially supported or led by the state. “They definitely have malicious intent when they carry out these attacks,” says Ivan Righi, a senior cyber threat intelligence analyst at security firm Digital Shadows who researched Killnet. “They are not working with Russia but in support of Russia.”
Killnet started out as a DDoS tool and was first spotted in January this year, Righi says. “They were advertising this app or website, where you could rent a botnet and then use it to launch DDoS attacks.” But when Russia invaded Ukraine in late February, the group pivoted. The vast majority of Killnet’s efforts and those of its “legion” group — members of the public who are invited to join in and launch attacks — have been DDoS attacks, Righi says, but he’s also seen the group linked to some website downgrades, and the group itself has made unverified claims that it has stolen data.