Lithuania says Russian spyware infected government computers

Lithuanian officials call it “part of psychological warfare.”

David bisson
David Bisson

Lithuania says Russian spyware infected government computers

Lithuania, Europe’s southernmost Baltic state, is accusing Russia of having infected its government computers with spyware on multiple occasions.

Lithuanian intelligence detected at least three separate instances of Russian spyware on government computers. Those malicious programs primarily targeted low- to mid-ranking Lithuanian officials whose computers contained government documents.

Upon successful infection, the spyware exfiltrated every document and password it found on a machine and sent that data to a website that Russian spy agencies commonly use.

Sign up to our free newsletter.
Security news, advice, and tips.

Rimtautas Cerniauskas, head of the Lithuanian Cyber Security Centre, told Reuters that such behavior is business as usual for the Russian bear:

“Russians are really quite good in this area. They have been using information warfare since the old times. Cyberspace is part of that, only more frowned upon by law than simple propaganda…. They have capacity, they have the attitude, they are interested, and they will get to it – so we need to prepare for it and we need to apply countermeasures…. It is all part of psychological warfare.”

MoscowCerniauskas makes a good point. If anything’s become apparent this year, it’s Russia’s insatiable appetite for using the digital space to get what it wants.

The nation proved as much back in the summer, when we learned it had likely hacked the Democratic National Committee and stolen opposition research on then-U.S. Republican presidential nominee Donald Trump.

Two groups perpetrated the hack: COZY BEAR and FANCY BEAR, the same attackers that used Android malware to track Ukrainian artillery field units back in late-2014.

There’s widely held consensus that Russia tampered with (but did not sway) the United States 2016 presidential election. As a result, other nations like Germany are preparing for possible Russian intrusions in their upcoming national elections in 2017.

Cerniauskas says he and his team didn’t detect any signs of tampering in Lithuania’s October 2016 election but that the country is nonetheless vulnerable to Russian meddling.

For its part, Russia has denied all charges of having conducted the spyware campaigns. President Vladimir Putin’s spokesman Dmitry Peskov went so far as to tell Reuters they were “laughable” and unsubstantiated:

“Did it (the spyware) have ‘Made in Russia’ written on it? We absolutely refute this nonsense.”

As we all know, words mean little when indicators of compromise keep showing up. It’s therefore imperative that nation-states learn from the examples of Lithuania and the United States and implement certain safeguards to defend themselves.

But more is going on here. The international community has learned of a number of digital attacks that all point to Russia. It must ask itself: what is to be done? Sanctions have not deterred Russian aggression in Ukraine and the Middle East. What else can be done to put pressure on this consummate spoiler and make sure it plays nice?

Not an easy question to answer. But no doubt heads of state all over Europe are mulling it over.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

2 comments on “Lithuania says Russian spyware infected government computers”

  1. furriephillips

    Why try to punish, rather than educate your citizens/users/sysadmins and give them the tools, to protect themselves & just spoil the attackers fun – no need to try to punish, just protect & defend.

  2. furriephillips

    Oh Graham, the conversion of the ampersands is a bit fugly!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.