A Russian hacktivist group has launched a significant distributed denial-of-service (DDoS) campaign against multiple Lithuanian organizations. The attacks appear to be in direct retaliation for Lithuania’s recently announced military aid package to Ukraine.
The cyber incident began shortly after Lithuanian Defense Minister Dovile Sakaliene announced on social platform X that Lithuania would provide Ukraine with 4,500 drones valued at 5 million euros. The threat actors explicitly connected their actions to this announcement, warning that “Lithuanian russophobic authorities should think about helping their internet infrastructure, which is unable to cope with our attacks.”
Analysis of the ongoing campaign reveals that the attackers have targeted 14 distinct Lithuanian organizations spanning various sectors, including:
Critical Infrastructure
- Rytų skirstomieji tinklai (electricity sector)
- Siauliai Airport
Financial Services
- Multiple credit organizations
Transportation and Logistics
- Lidaris (international freight)
- Transaviabaltika (airline)
- Association of Automobile Carriers Linava
- Association of Stevedoring Companies
Media Organizations
- Lietuvos aidas (newspaper)
- Veidas (magazine)
- Verslosavaite (news portal)
- Open Klaipeda portal
Industrial and Manufacturing
- Panevėžio statybos trestas (construction)
- Grigeo (paper products)
The scope and coordination of these attacks demonstrate potential sophisticated planning and resource allocation. This group has previously claimed responsibility for similar campaigns against infrastructure in Spain, Germany, and Denmark, consistently citing those countries’ support for Ukraine as justification.
The timing and target selection of this campaign appears strategic, targeting organizations across multiple sectors rather than focusing solely on government institutions. This approach maximizes disruption to both public services and private enterprise, potentially affecting Lithuania’s ability to process and deliver the promised military aid to Ukraine.
Lithuanian cybersecurity authorities have not yet publicly commented on the incident. Security experts suggest these attacks could persist or escalate as Lithuania continues its support for Ukraine. Organizations in other NATO countries providing similar aid should maintain heightened security postures and prepare for potential copycat attacks.
Updates on this developing situation will be provided as new information becomes available.
