After the US report, A new attack in Lithuania: the targets were not chosen randomly

Delfi has already announced that US cybersecurity firm FireEye, which previously helped the US demonstrate Russia’s influence on Kremlin-sanctioned hacking and cyber espionage operations, released its latest report on April 28.

It reveals that cyber hackers have been systematically targeting selected Lithuanian, Latvian and Polish politicians and media for several years, trying to spread narratives directed against the United States, NATO and the West in general. Dozens of outright hacking attacks were carried out to forge email accounts. Now, following further investigation and the spread of new attacks to Germany, FireEye has issued a reasoned and fact-based conclusion in its latest report: There is no doubt that the covert cyber operation Ghostwriter was carried out, at least in part, by UNC1151, a state-sponsored cyber spyware actor, as predicted by Russia.

Just one day after the publication of this document, a new cyber attack was carried out in Lithuania and a message that did not correspond to reality was distributed, called aloud “the inauguration ceremony of the President of Belarus Sviatlan Cichanouskaya”.

“We are Lithuanians! For many years we fought for an independent state. We have something to be proud of. We want closer ties with Belarus, we want to make some contribution to its future. The future of Belarus now also depends on our solidarity and financial support.

We therefore invite you to support the proposal of Pavel Latatuka, member of the Presidium of the Coordinating Council of the Belarusian Opposition, to organize the inauguration ceremony of the President-elect of Belarus Sviatlan Cichanouskaya. This initiative is the best proof that all Lithuanians can help Belarusians.

We invite everyone to contribute to the inauguration ceremony of the President of Belarus. All you have to do is provide financial support and transfer the money to the accounts, ”concludes this enthusiastically written message with specific accounts. The message originally appeared on the YouTube channel, which launched on April 27, and was called aloud “Forest Brothers.” Several stolen records of Gitana Nausėda, Lithuania’s path to independence and Belarusian protests last fall, and the aforementioned invitation to “support S. Cichanouskaya’s investiture ceremony” suddenly appeared. Neither Sviatlana Cichanouskaya herself nor Pavel Latuška sent similar calls.

On April 29 and 30, with such a message, after attaching the video, it was hacked and uploaded to the Valstietis.lt portal and several smaller sites, but with cybersecurity vulnerabilities or without any protection whatsoever. This is not the first time that a state intruder has been hacked.

In addition, Ernestas Subačius, chairman of the board of directors of the Lithuanian Freedom Fighters’ Union, began to actively share the message on his social media accounts on Facebook and Twitter. He assured Delfi that he himself had not shared similar messages, especially since he had joined the Twitter account for a long time. However, E. Subačius noted that a few days ago he was asked to change the passwords for social media accounts, which he did, although he was unable to log into their accounts for some time.

Nerijus Maliukevičius, a professor at the Institute of International Relations and Political Science at Vilnius University, who has been researching information wars for several years, noted that the logs placed by the hacking indicated no one but Pal. kun. Mykolas Sopočka hospital bills. So, it would seem that the cyber hackers did nothing wrong, as if they had done something, if some naive had come up with the idea of ​​sacrificing “S. For the inauguration of Cichanouskaya ”, it is likely that the money has gone to the hospice account. However, according to N. Maliukevičius, such a clever way to cover up both the hospice and the name of Freedom Fighter E. Subačius is nothing more than an attempt to compromise them, as well as financial manipulation and the use of a stranger’s name.

E. Subačius, an active LLKS participant who uses social media, has many friends in common between right-wing politicians and their supporters, according to N. Maliukevičius it is almost a typical case of “super spreader” events where the virus spreads en masse in a single geometric progression as a result of a single person or event. This time it is applicable to spreading a disinformation message.

In addition, according to N. Maliukevičius, even after using the same banal tricks according to the already seen scenario, new elements appear, which shows the attempts of the creators of such liars to improve.