The Baltic countries and Poland, the targets of Russian hackers

The Baltic countries (Estonia, Latvia and Lithuania) and Poland are the preferred targets of pro-Russian hackers, according to a report by the VisionWare company, cited by the Portuguese publication Lusa. The company detected 961 cyberattacks by pro-Russian hackers against Western European countries and organizations between October 2022 and March 2023, nearly half of which were in the former Soviet Union's Baltic states and Poland.

The report, entitled "Action of pro-Russian cybercriminal groups against NATO member states", focuses on the activities of hacker groups KillNet and "NoName057(16)", verified by the Portuguese company VisionWare.

The source said that Bruno Castro, the founder and CEO of VisionWare, admitted that there was no evidence that the pro-Russian hack was state-sponsored, saying that it was unclear whether the Kremlin was involved: "There is no basis to conclude that these groups are affiliated with the Kremlin (or the GRU, the central intelligence service, or the FSB - the federal security service of the Russian Federation). However, we observe a very well-coordinated offensive strategy, consistent with the interests of the Russian government."

VisionWare prepares geopolitical reports related to the studied threats, monitors actors at risk, detects in real time any compromise of institutional data, produces analysis reports and studies the main threats and the main actors, distributed over time and by risk sectors . According to the cited report, 8,347 messages were analyzed on Telegram, of which 6,805 related to Killnet and 1,542 related to NoName057(16).

During the analyzed period, the groups mainly targeted sectors related to "government, banking and defense", with a total of 371 attacks. The highest frequency of attacks was recorded in the first month of this year, when there were 333 cyber attacks, which represents 35% of the total number of attacks recorded in the six months covered by the report.

Portugal was the victim of two KillNet attacks, which affected the portals of the National Health Authority (DGS) and the Faculty of Pharmacy.

During the two quarters under review, 41% of Killnet attacks took place in the United States. However, Estonia, Latvia and Lithuania were the targets of 33.9% of the attacks carried out by this group, while Poland stands out among the countries most targeted by NoName057 (16). Moreover, Warsaw authorities were targeted by both groups of pro-Russian hackers, who during 6 months tried to break into Polish data systems 123 times.

The cited source also shows that the respective groups continue to react to current events, following the analysis of the Russian Federation's relations with third countries.

Bruno Castro, founder and CEO of VisionWare, told the quoted source: "This study, based on a detailed analysis of the daily phenomena we monitor from these groups, suggests that the targets will go beyond Ukraine. For example, KillNet claimed responsibility for large-scale distributed denial-of-service (DDoS) attacks against major US airports in October 2022. These attacks did not affect flights, but disrupted or delayed airport services. All of these denial-of-service attacks cause financial and/or reputational damage that is often greater than we realize. The report we present highlights the development of the capabilities, resources and disruptive power of these groups to attack states and contribute to the destabilization of societies."

The results of the report, according to VisionWare, "take on particular importance with the latest release of the US Department of Defense Cyber Strategy 2023, with the situation in Ukraine being one of the global priorities of that cyber strategy."

The report further states: "In this new form of conflict, actors are using cyber capabilities to achieve their political, strategic and ideological goals. Cyber attacks launched by state actors originate from countries with significant resources that can conduct highly sophisticated cyber operations, attacking critical infrastructure, defense systems, and government networks. These groups, like "hacktivists", often resort to DDoS attacks, website defacement, information dissemination and digital sabotage to promote political and social causes. (...) Cyberwar is not limited to attacks between rival countries, but also includes actions by "hacktivist" groups, cybercriminals and extremists, who operate with different motivations and mostly without official ties to governments".

The source cited shows that the growing scenario of cyber warfare between states and non-states actors represent "one of the most complex and urgent challenges facing the digital age".