Cyber Spetsnaz Targets Lithuanian Critical Infrastructure

Following an announcement by the Lithuanian government of a ban on Russian railway goods, the Russian-based hacktivist syndicate Cyber Spetsnaz is now up in arms. The group is believed to be composed of various smaller sects of cyber-criminals who have either just joined or worked on prior campaigns. Prior to the announcement, various European news outlets reported that Russia had warned Lithuania against instituting a ban. Efforts to disable critical infrastructure within Lithuania are likely to be carried out via DDoS attacks intended to cause short but effective outages and push a media narrative. Lithuanian cyber security personnel are aware of the impending attacks and claim to be prepared. According to information found on a criminal forum, the current list of targets includes:

  • logistics companies (Adrem, Talga)
  • transport infrastructure (Transimeksa, Kelprojektas)
  • major financial institutions of Lithuania (Central Bank, Stock Exchange, Swedbank, SEB, etc.)
  • ISPs (Tele2, Telia, Penki, Mezon, Cgates, Fastlink)
  • airports (Vilnius Airport, Kaunas Airport, Palanga Airport, Siauliai Airport)
  • energy companies (Ignitis Grupe, Ministry of Energy, Aedilis)
  • major media outlets (Delfi, Nedelia, ZW)
  • government web resources (President, Ministry of Foreign Affairs, Ministry of Justice, Police)

Analyst Notes

It is important for organizations to review critical Internet-connected systems whose unavailability would degrade business operations. Examples to consider include VPN servers that remote employees connect to for work and websites that drive e-commerce and B2B data transfers. It is advised that organizations reach out to a security-first vendor to help provide them with protection that can be quickly deployed.