New malicious actors target important Lithuanian decisions in cyberspace
In the war against Ukraine, Russia seeks to influence the West’s resolve to support Kyiv through unconventional means. Lithuania’s continued support for Ukraine, its NATO membership and its strategically sensitive geographic location make the state a target for Russian cyber operations.
In recent years, the list of groups coordinated by intelligence services of hostile countries, which are monitored in Lithuanian cyberspace, has expanded with new actors, namely a group coordinated by the GRU. This group is characterised by aggressive, destructive attacks. Perpetrators carried out attacks against private sector IT companies providing services to Lithuania’s critical infrastructure and state institutions. It is highly likely that the clients of these companies rather than the companies themselves were the intended targets.
Private sector companies are likely to be more attractive targets, as it is easier for attackers to access the information systems that store their customers’ data. Ensuring cyber security is likely to require increasing attention to supply chain security.
The Vilnius NATO Summit was also targeted by pro-Russian cyber groups and actors linked to Russian intelligence. Most of the attempts to disrupt the event by cyber means were limited and short-lived. For example, the disruption of systems by DDoS attacks and the dissemination of disinformation through malicious emails were observed. Attempts to create copies of the NATO Summit websites that could be used for malicious activities were identified and thwarted. However, more serious attacks also took place. It is very likely that a cyber group coordinated by the GRU released intercepted non-public information related to the meeting, most likely in order to discredit Lithuania in the international arena. It is possible that some of the intercepted information will be used to plan new disinformation operations.
Russia has been testing new methods of operating in Ukrainian cyberspace for a decade, but the most intense attacks have been carried out in support of Armed Forces operations. For example, since 2022, Russia has been using cyber means to gather information for conventional operations, to disrupt the ability of the Ukrainian Armed Forces to communicate, and to launch destructive cyber-attacks against systems controlling electricity supply and telecommunications. Russian cyber capabilities also disseminate fake news by replacing authentic information on Ukrainian media and institutional websites with false data. The aim is to expand the dissemination of disinformation content and increase psychological pressure on Ukrainians.
Chinese cyber groups are also reacting to events related to Lithuania. Their activity in Lithuanian cyberspace has increased especially since 2021, when Lithuania announced the opening of the Taiwanese Representative Office. It has been identified that the previously opportunistic activities of Chinese cyber capabilities, more often directed against the private sector, have been replaced by an active and coordinated effort to gain access to the information systems of Lithuanian institutions for cyber espionage.
It is highly likely that Russian and Chinese cyber capabilities will remain a threat to the security of information networks and systems of Lithuanian institutions and critical infrastructure. Hackers will look for new security vulnerabilities unknown to the cybersecurity sector in order to gain illegal access to targeted organisations. However, it is highly likely that attackers will also use proven attack methods, the effectiveness of which is enhanced by insufficient attention to cybersecurity.