therecord.media Open in urlscan Pro
2606:4700:4400::ac40:9042  Public Scan

Form analysis
4 forms found in the DOM

GET https://therecord.media/

<form role="search" method="get" class="search-form" action="https://therecord.media/">
  <input type="text" placeholder="Search" value="" name="s">
  <input type="submit" value="go">
</form>

<form class="search-form">
  <a href="#">
<i class="fas fa-search search-icon"></i>
<i class="fas fa-times close-icon"></i>
</a>
</form>

GET https://therecord.media/

<form role="search" method="get" class="search-form" action="https://therecord.media/">
  <input type="text" placeholder="Search" value="" name="s">
  <input type="submit" value="go">
</form>

POST

<form action="" method="post" class="newsletterForm">
  <input type="email" name="email" placeholder="your e-mail address">
  <input type="hidden" name="newSubscription" value="1">
  <input type="submit" value="go">
</form>

Text Content

This website stores cookies on your computer. These cookies are used to improve
your website experience and provide more personalized services to you, both on
this website and through other media. To find out more about the cookies we use,
see our Privacy Policy.

Accept
Manage consent
We use cookies to optimize our website and our service. Cookie Policy

Functional

Marketing
Accept allDismissPreferences
 * Leadership
 * Cybercrime
 * Nation-state
 * Government
 * People
 * Technology

 * About
 * Contact
 * Podcast

 * 




SUBSCRIBE TO THE RECORD



IMAGE: Ivars Utināns/Unsplash
Daryna Antoniuk October 28, 2022


LATVIA’S CYBERSPACE FACES NEW CHALLENGES AMID WAR IN UKRAINE

Nation-state
News
 * 
 * 
 * 
 * 
 * 

Daryna Antoniuk

October 28, 2022

 * Nation-state
 * News

 * 
 * 
 * 
 * 
 * 


LATVIA’S CYBERSPACE FACES NEW CHALLENGES AMID WAR IN UKRAINE

Russian cyberattacks may be a global threat, but Ukraine’s allies have been
especially at risk. Among them is Latvia, which was one of the first to declare
Russia a “state sponsor of terrorism” and stopped issuing entry visas to Russian
citizens in August.

Before Russia invaded Ukraine in late February, most cyberattacks targeting
Latvian organizations were financially motivated, but now the country’s
cybersecurity agencies have to deal with more serious threats — pro-Russian
hacktivists and nation-state hackers targeting the government, critical
infrastructure, and private businesses. 

Since the beginning of the war in Ukraine, the number of cyberattacks in Latvia
has increased by more than 30%, Varis Teivans, the deputy manager of Latvia’s
Computer Emergency Readiness Team (CERT), told The Record. 

What hackers are actually achieving, however, is less clear. Cyberattacks by
pro-Kremlin hacktivist groups like Killnet usually achieve nothing more than
publicity, although Teivans does admit the activity of state-backed hackers is
“a cause for concern.” 

The Record visited Teivans at CERT’s office in the Latvian capital of Riga this
month to talk about the new challenges Russia’s war with Ukraine poses for
Baltic cyberspace.


HACKTIVISTS VS APT GROUPS

The cyberattacks that attract the most media attention in Latvia are usually
carried out by pro-Kremlin hacktivists, including Killnet and its affiliates
(like XakNet and FuckNet), according to Teivans. 

They usually conduct distributed denial-of-service (DDoS) attacks, flooding
websites with junk traffic to knock them offline, or post threatening messages
on the main page of the websites, in what’s known as defacement attacks.

Most of these are successfully countered by Latvian cybersecurity specialists,
and those that hit the targets have no lasting impact, according to Teivans.

For example, Killnet launched a DDoS attack on the website of the Latvian
parliament in early August. They took the site down for several hours but it
ultimately didn’t disturb the work of policymakers.

Hacktivists often attack in response to specific events, according to Teivans —
Latvia designated Russia a “state sponsor of terrorism” shortly before the DDoS
attack on the parliament website.

In July, pro-Kremlin hacktivists attacked Latvian computer systems almost daily,
outraged by the Latvian government’s decision to demolish nearly 300 Soviet
monuments.

“What they’ve achieved was to disrupt some of the public transport ticketing
services,” and a charity that collects donations for people in need, Teivans
said. “This is a very bad performance.”

According to Teivans, Russian hacktivists have a “poor understanding” of what
they are targeting. Once, they attacked the website of a now-closed Latvian
airport, and mistakenly hacked the Latvian agency responsible for parks and
recreation, confusing it with the Ministry of the Interior.

“Russian hacktivists are a PR project, not talented hackers,” Teivans said.
“Every time they claim to have hacked some of our websites and leaked
information, it’s a lie, sometimes a very pathetic one.”

FuckNet, for example, once claimed to have hacked the website of President Egils
Levits and stolen data, which, it turned out, was publicly-available procurement
information. 

There are, however, more sophisticated cyber operations conducted by capable
Russian hackers — the so-called advanced persistent threat (APT) groups. “These
are the attacks we are most concerned about,” Teivans said.


THREATS TO CRITICAL INFRASTRUCTURE

Among APT’s most common targets are state services, critical infrastructure
facilities, and businesses that work with the government. “Private businesses
are compromised to gain access to more secure government networks,” Teivans
said.

The same hacker groups that have targeted Ukraine have tried to compromise
Latvia’s telecommunication and energy infrastructure, Teivans added, though he
said he couldn’t disclose the names of the groups or the impact these attacks
had due to security reasons.

In September, the Ukrainian government warned that Russia plans to increase the
intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest
allies, including the Baltic countries.

Carefully-planned cyberattacks on the right targets could increase the effect of
missile strikes on electrical supply facilities, according to Ukrainian
intelligence. 

Teivans agreed that Russian hackers could intensify their attacks on Europe’s
energy sector and some critical infrastructure. In fact, they may have been
preparing for these attacks for months.

“APT operations are not opportunistic,” Teivans said. “Nation-state hackers
usually ‘sit’ in critical networks for a while, waiting for a perfect moment to
attack.”


COUNTERING OLD THREATS

Latvia was a common target for Russian hackers even before the start of the war
in Ukraine, said Teivans, who has worked at CERT since its inception in 2007.

For example, Russian hackers repeatedly targeted Latvia during and after the
October 2018 parliamentary elections. These attacks didn’t alter the election
results but created distrust between Moscow and Riga.

Prior to those elections, pro-Russia hackers replaced the front page of the
Facebook-like Latvian social media site Draugiem with a Russian flag and a
message saying “Fellow Latvians, this concerns you. The Russian border has no
limits!”

With the beginning of the war in Ukraine, Estonia and Lithuania were also
increasingly attacked by Russian hackers.

Like its Baltic neighbors, Latvia was formerly part of the Soviet Union and
still has a large Russian-speaking minority.  But its government actively
supported Ukraine in the war against Russia, sending weapons, sheltering
Ukrainian refugees and supporting sanctions against the Kremlin. Since extending
that support, the number of cyberattacks on Latvia has increased significantly. 

To counter these threats, the country has two CERTs — one responsible for
Latvia’s cyberspace with a focus on government computer systems and critical
infrastructure, and the other for the protection of military networks.

Both of them are subordinate to Latvia’s Ministry of Defense, which Teivans says
is a big advantage. “The MOD is committed to cybersecurity and heavily supports
it legislatively and with funding,” he said.

Although Latvia is preparing for Russian attacks, Teivans doesn’t think that
they will be struck in the same way as Ukrainian targets.

“We are still at a stage where kinetic warfare is a priority for the attacking
nation, while cyber is only a tool for threat actors to gain some economic and
political advantage or a means to support kinetic operations,” he told The
Record.

 * 
 * 
 * 
 * 
 * 

Daryna Antoniuk is a freelance reporter for The Record based in Ukraine. She
writes about cybersecurity startups, cyberattacks in Eastern Europe and the
state of the cyberwar between Ukraine and Russia. She previously was a tech
reporter for Forbes Ukraine. Her work has also been published at Sifted, The
Kyiv Independent and The Kyiv Post.

Previous article Next article
Thomson Reuters notifies customers of exposed server with unprotected business
data
U.S. must step up against ‘cyber-enabled economic warfare,’ think tank urges


BRIEFS

 * Microsoft releases patches for 68 vulnerabilities, including ‘ProxyNotShell’
   zero-days November 9, 2022
 * ‘High-severity’ vulnerability found in computers used by large oil and gas
   utilities November 9, 2022
 * Cisco: InterPlanetary File System seeing ‘widespread’ abuse by hackers
   November 9, 2022
 * US reissues sanctions on Tornado Cash, tying it to North Korea’s nuclear
   weapons program November 8, 2022
 * CISA expanding cybersecurity education program nationwide November 8, 2022
 * Nigerian scammer sentenced to 11 years in US prison November 8, 2022
 * Cyberattack on observatory in Chile raises concerns about security of space
   tech November 7, 2022
 * Killnet targets Eastern Bloc government sites, but fails to keep them offline
   November 7, 2022


RANSOMWARE TRACKER: THE LATEST FIGURES [SEPTEMBER 2022]



Ransomware tracker: the latest figures [September 2022]






H1 2022: MALWARE AND VULNERABILITY TRENDS REPORT



H1 2022: Malware and Vulnerability Trends Report






RUSSIAN INFORMATION OPERATIONS AIM TO DIVIDE THE WESTERN COALITION ON UKRAINE



Insikt Group: Russian Information Operations










VULNERABILITY SPOTLIGHT: DIRTY PIPE



Insikt Group: Dirty Pipe










THE BUSINESS OF FRAUD: BANK FRAUD



Insikt Group: Bank Fraud












OVERVIEW OF THE 9 DISTINCT DATA WIPERS USED IN THE UKRAINE WAR



Insikt Group: Data Wipers











 * 
 * 
 * 
 * 
 * 

 * About Us
 * Privacy Policy

© Copyright 2022 | The Record by Recorded Future