A carefully coordinated cyber-attack on Lithuania that occurred last week has been described by the republic's defense minister as one of the "most complex" security incidents to target the Baltic state in recent history.
On the night of December 9, cyber-criminals breached multiple content management systems to gain access to 22 different websites operated by Lithuania's public sector. The attackers then published articles containing misinformation on the sites.
Among the fake news posted by the threat actors was a story that alleged a Polish diplomat, carrying illegal drugs, weapons, and money, had been detained at the Lithuanian border. This fictitious story was shared on the website of the State Border Guard Service (VSAT).
Another article claimed that corruption had been uncovered in the Šiauliai airport, where NATO’s Baltic air-policing mission is housed.
A third piece of misinformation promulgated in the attack inflated figures to make it appear as though more Lithuanians had been drafted into the military than was the case.
An investigation into the attack by the Defense Ministry’s National Cyber Security Centre (NKSC) found that the websites targeted by the attackers were mostly run by regional municipalities.
In a statement published on Wednesday, Lithuania's defense minister, Arvydas Anušauskas, described the digital assault as one of the "biggest and most complex" cyber-attacks to hit the republic in recent years.
Anušauskas added that the attack, which took place “on the eve of the government’s transition [...] was prepared in advance and with a goal in mind.”
After hacking into the systems and posting the false articles, the attackers launched an email spoofing campaign to spread the misinformation as far as possible. The attackers impersonated the defense and foreign ministries as well as the Šiauliai Municipality Administration to send out emails containing links to the fallacious stories.
“This shows huge gaps in cybersecurity of the public sector,” said Anušauskas.
Following the attack, the NKSC has submitted a number of cybersecurity recommendations to municipalities. These include actively searching for vulnerabilities, limiting access to content management systems, installing a firewall, and avoiding the use of passwords that are easy to guess.