Russia’s GRU Blamed For Huge Cyberattack On Georgia


The United Kingdom and the United States have called out Russia’s campaign of “unacceptable cyberattacks against Georgia”

The United States and the United Kingdom, as well as Georgia, have today officially blamed Russia’s military intelligence agency, the GRU, for a massive cyberattack.

In October 2019, thousands of websites in the former Soviet republic of Georgia were knocked offline in a widespread cyberattack. The attack also impacted national TV stations (Imedi and Maestro), as well as court websites.

In many cases, website home pages were replaced with an image of former Georgia President Mikheil Saakashvili, and the caption “I’ll be back”.


GRU blamed

Saakashvili was in power in Georgia between 2004 and 2013, and served two terms as president of that country.

He is known for his pro-Western leanings, but he is now a Ukrainian citizen, after leaving Georgia in 2013, citing a political witch-hunt against him on corruption charges.

The attack last October was said to have impacted up to 15,000 websites in Georgia, including government websites, newspapers, banks, courts, and TV stations.

At the time of the attack, there was social media speculation that Russia might be involved.

And now the UK, US and Georgia have officially pinned the blame on Russia’s GRU for the “significant” cyberattack against the country.

“The National Cyber Security Centre (NCSC) assesses with the highest level of probability that on 28 October 2019 the GRU carried out large-scale, disruptive cyber-attacks,” announced the British government on Thursday.

“These were against a range of Georgian web hosting providers and resulted in websites being defaced, including sites belonging to the Georgian Government, courts, non-government organisations (NGOs), media and businesses, and also interrupted the service of several national broadcasters,” the government said.

The British said these cyberattacks are part of Russia’s long-running campaign of hostile and destabilising activity against Georgia.

“The UK is clear that the GRU conducted these cyber-attacks in an attempt to undermine Georgia’s sovereignty, to sow discord and disrupt the lives of ordinary Georgian people,” the UK said.

And Russia’s actions have been condemned by the Foreign Secretary Dominic Raab.

“The GRU’s reckless and brazen campaign of cyberattacks against Georgia, a sovereign and independent nation, is totally unacceptable,” said Raab. “The Russian government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law.”

Russian aggression

“The UK will continue to expose those who conduct reckless cyber-attacks and work with our allies to counter the GRU’s menacing behaviour,” said Raab.

Russia’s Foreign Ministry denied any involvement, the RIA news agency was quoted by the BBC as saying.

Russia has previously been blamed for a cyberattack in December 2015 that left parts of western Ukraine, including regional capital Ivano-Frankivsk, without power for almost six hours.

Then again in December 2016, Ukraine began an investigation after a cyberattack left the northern part of Kiev without power. Again, Russia was identified as the culprit.

Another attack in June 2017 saw Ukrainian financial, energy and government sectors targeted, and then in October of that same year the Ukrainian metro and airport were also hit.

A security expert agreed that the Georgia attack does follow a pattern.

“The attacks in Georgia which were just attributed to Sandworm, the Russian actor behind NotPetya and the blackouts in Ukraine, are consistent with their prior behavior,” said John Hultquist, senior director, intelligence analysis at FireEye.


“Attacks on media are a regular feature of Sandworm campaigns,” said Hultquist. “Prior to the first blackout in Ukraine, they took media offline during their election there.”

“It’s very notable that Sandworm has been finally officially tied to GRU Unit 74455, confirming our prior analysis that it is one of the two GRU units that collaborated in 2016 election interference,” said Hultquist.

“In addition to the election interference, Ukraine blackouts, and the NotPetya incidents, we believe the organisation was behind an attack on the Pyeongchang Olympics,” said Hultquist. “Notably, they have not been publicly admonished for their attempt to disrupt the Games, and we are concerned that the actors will target the Games in Tokyo this year.”
