Emails from Lithuanian Ministry of Foreign Affairs for sale on data-trading forum

The Lithuanian Ministry of Foreign Affairs has declined to comment about the authenticity of email files allegedly stolen from its network and offered for sale on a data-trading forum.

The cache supposedly consists of 1.6 million emails containing conversations and documents marked as sensitive and highly sensitive in nature.

Bold claims about the info

To entice potential buyers, the seller leaked several documents and correspondence they claim to belong to individuals from Lithuania’s diplomatic apparatus.

In a post yesterday, the seller shared two files saying that they were email archives of conversations from top representatives of Lithuania’s embassy in Georgia.

According to the seller, the cache contains 102 PST files (Outlook Data File) converted from OST data (Offline Outlook Data File – email backups) and is around 300GB large.

If this description is accurate, the emails should come complete with attachments.

The forum user made some bold claims to drum up interest in the data. They claimed that the correspondence contained secret negotiations, conspiracy against U.S. President Biden, and “preparation for the war with Belarus.”

They also shared a large list with names that presumably work for the Lithuanian Ministry of Foreign Affairs. BleepingComputer verified that some of the names are for diplomats at various Lithuanian embassies.

Ripples of November cyberattack

The Lithuanian Ministry of Foreign Affairs on Thursday published a short statement declining to comment about the potential leak or if it genuine.

“The Ministry of Foreign Affairs is unable to confirm the veracity of the information disseminated to the public and will not comment. We see this as an information attack by unfriendly countries” – Lithuanian Ministry of Foreign Affairs

The institution was breached in November 2020 and the attack was attributed to Russian actors, but incident was not disclosed at the time.

Referring to the leak, the president of the country, Gitanas Nausėda, said this week that there is evidence showing that information was stolen in the November attack and that some of it is deemed classified.

It is unclear how much the seller is asking for the cache but some forum users expressed interest in purchasing the leak. According to them, some inboxes have about 10 years of correspondence.

Earlier today, the seller announced that they were increasing the price, likely due to higher demand for the data.