Last week, one of the “most complex” security incidents in the recent history of the Baltic state took place as described by the Republic’s Defence Minister, Arvydas Anušauskas.
The security incident was a thoroughly orchestrated cyber-assault on Lithuania.
The attack which took place “on the eve of the government’s transition […] was prepared in advance and with a goal in mind,” he said in a statement published on Wednesday.
On the night of 9 December, cybercriminals compromised several content management systems to gain access to 22 separate websites run by the Lithuanian public sector. The attackers then published articles containing misinformation on the websites.
Amid the bogus news posted by the threat actors was a story that alleged a Polish diplomat, carrying illegal drugs, weapons, and dollars, had been detained at the Lithuanian border. This fictitious story was shared on the web site of the Condition Border Guard Service (VSAT).
Another post reported that corruption had occurred at the airport in Šiauliai, where NATO’s Baltic Air Police Mission is based.
The third piece of propaganda enacted in the attack skewed numbers to make it look as if many more Lithuanians had been recruited into the military service than had been the case.
At the same time, falsified emails that resembled those used by the defence and foreign ministries, as well as the Šiauliai Municipality Administration, were used to share the disinformation by linking back to texts published on the hacked websites.
“This shows huge gaps in cybersecurity of the public sector,” said Anušauskas.
Lithuanian analysts have previously said that disinformation attacks in the country are mainly aimed at the military, NATO, and government structures.
The NKSC has now sent suggestions to municipalities, which can also be found on the Center’s website (in Lithuanian).