Lithuania's NATO and EU membership remained the key disinformation target, as well as strengthening of the Alliance's capability in the Baltic region, bilateral and international relations, the pursuit of energy independence, economic stability, history and ensuring social protection.

In March, 2020 when the lockdown was introduced, the number of information incidents jumped by 179 percent, and it further skyrocketed by 323 percent in April. In most cases these were conspiracy theories spread by anti-vaxxers, individual consumers or organizations, using social media as the main platform.

False information was spread that COVID-19 was allegedly an artificially-created virus and a biological weapon of the US secret services. There were also speculations on suspicions against pharmaceutical companies or government plans to start mass vaccination of people and the expansion of the 5G technology under the cover of the pandemic.

The COVID-19 situation also led to active involvement of third countries and non-state actors into spreading doubt and negative-type messages about the virus treatment, as well as attempts by various countries and international organization to bring the crisis under control.

After Lithuania expressed its doubt over the transparency of the August 9 presidential election in Belarus and voiced its support for one of the opposition leaders, Sviatlana Tsikhanouskaya, it came under wide-range information pressure. Lithuania was accused of interference with Belarus' internal matter, the organization, support and funding of protests against the regime of Belarusian President Alexander Lukashenko.

Ten hostile information operations against Lithuania, NATO and allies have been carried out since early 2020, including seven involving information and cyber incidents.

According to the Lithuanian army, last year's hostile information operations were characteristic of a wider scope, a higher level of readiness and knowledge of national and international processes.

Online websites, social media and email was mostly used as channels for carrying out attacks. During the attacks, regional media, state or municipal websites were hacked or illegally logged onto, and also emails from official institutions were imitated.