Continuing its attacks on Lithuania, the NoName hacker group has now targeted the country’s aviation sector, claiming the KlasJet Airlines, DAT LT, Avion Express and Heston Airlines cyber attack.
While six of the eight targets listed by the NoName hacker group were seemingly not impacted by the alleged cyber attack, the official websites of Heston Airlines and Achemos Grupe displayed an error message.
The Cyber Express has contacted the named entities for confirmation. We will update this report based on their reply.
Websites listed alongside the Heston Airlines cyber attack
The websites that were allegedly attacked by the NoName hacker group were mostly related to air travel. The Cyber Express checked their accessibility status of them and made the following observations –
- Heston Airlines – not accessible
- KlasJet Airlines – accessible
- Achema, Lithuanian chemical plant – accessible
- Achemos Grupe – not accessible
- Akropolis Group, a Lithuanian company – accessible
- Baltic News Service – accessible
- Avion Express, a Lithuanian airline – accessible
- DAT LT, a Lithuanian airline – accessible
Modus Operandi of the NoName hacker group
The pro-Russian hacker group launches Distributed Denial of Service (DDoS) attacks on targets and claims the same on its website.
Earlier, the group named the Lithuanian parliament, the Lithuanian company Litgrid AB, and the e-services company Seimas on its target list.
The Kaliningrad city in Russia and the Heston Airlines cyber attack
The tension began when the EU put restrictions on Russian truck movements in April. The ban applied to all the transit of goods that fell into the EU sanctions.
The ban affected 50% of all the transit including fertilizers, alcohol, caviar, and wood among other commodities. Certain other transportation was allowed periodically, for example, the carrying of petroleum products through Lithuania.
Reacting to the restrictions, the representative of the Ministry of Foreign Affairs of the Russian Federation Maria Zakharova said that Lithuania acted aggressively and has gone beyond their lines.
The group showed support towards the Killnet group for the tip on the websites of Lithuania.
Killnet was also targeting Lithuanian websites alongside NoName. The group even called other hackers to destroy Lithuanian network infrastructure.
NoName hackers targeting Lithuania
More recently, NoName has claimed the Lithuanian agricultural companies including the Linas Agro Group. They also named the website of Kauno Energija and its subdomain, which is an energy company.
The Lithuanian Riflemen’s Union was also named by the hacker group.
The Heston Airlines cyber attack and the state of Lithuanian cybersecurity
According to a report, Lithuania had nearly 2.22 million internet users in January 2021.
The number of internet users in the country fell by 1,236 between 2020 and 2021. “Internet penetration in Lithuania stood at 82.0% in January 2021,” the report concluded.
Despite the findings, Lithuania stands among the most assessed areas for legal regulation and the development of cybersecurity facilities. T
he country had a score of 97.3 and was sixth among other nations globally, according to the Global Cybersecurity Index (GCI) published in June 2021.
NoName, Russia, and beyond
“NoName057(16) operate through Telegram to claim responsibility for their attacks, mock targets, make threats, and generally justify their actions as a group,” reported cybersecurity firm SentinelOne.
“Interestingly, NoName057(16) makes attempts to teach their followers through educational content such as explaining basic industry jargon and attack concepts.”
In a recent incident, the group disrupted services in the financial sector of Denmark, highlighting the potential risks cyberattacks pose to critical infrastructure.
In addition to targeting Ukrainian organizations, NoName has also focused on businesses and organizations in Poland, Lithuania, and other countries.
The group gained attention when they targeted the websites of candidates running in the 2023 Czech presidential election, starting on January 11. This information was reported by cybersecurity firm SentinelOne.
Initially, the group’s attacks were aimed at Ukrainian news websites but later shifted towards targets associated with NATO, as mentioned in the SentinelOne report.
One of their notable attacks was the March 2022 DDoS attacks on Ukrainian news and media websites like Zaxid and Fakty UA. The group’s motivations appear to revolve around silencing what they perceive as anti-Russian sentiment.