The US and UK governments have issued official statements today formally accusing Russia’s military intelligence agency, GRU, with carrying out a coordinated cyber-attack on thousands of Georgian websites in October 2019.
The incident, widely reported at the time, was considered the largest cyber-attack in the former Soviet country’s history.
More than 15,000 Georgian websites defaced
According to a report at the time, unidentified hackers broke into at least one web hosting provider and defaced more than 15,000 websites with an image of former Georgian President Mikheil Saakashvili, with the text “I’ll be back” overlaid on top (see image above).
The former Georgia President was known for his fierce pro-Western agenda but is now a Ukrainian citizen after leaving Georgia in 2013, citing a political witch-hunt on corruption charges.
The messages were reported as appearing on sites for the Georgian government, courts, NGOs, news media, and local businesses. In some cases, the web host disruption also took down broadcasting services for some radio and TV stations.
But while the attack and its aftermath was superficial and easily reversible, the mass-defacements caused and an endless stream of political tensions and discussions inside Georgia, primarily due to the use of Saakashvili’s photo.
“These cyber-attacks are part of Russia’s long-running campaign of hostile and destabilising activity against Georgia,” UK Foreign Secretary Dominic Raab said today.
“The UK is clear that the GRU conducted these cyber-attacks in an attempt to undermine Georgia’s sovereignty, to sow discord and disrupt the lives of ordinary Georgian people.”
“The United States calls on Russia to cease this behavior in Georgia and elsewhere. The stability of cyberspace depends on the responsible behavior of nation,” said US Secretary of State Mike Pompeo.
Fifth time allies call out Russia’s GRU
Today’s statement is not the first time the US, UK, and their allies have accused Russia’s military intelligence of orchestrating cyber-attacks against foreign governments. Previously, allies have called out Russia’s GRU for cyber-attacks such as:
- BlackEnergy: December 2015 shut off part of Ukraine’s electricity grid, with 230,000 people losing power for between 1 – 6 hours.
- Industroyer: December 2016 shut off part of Ukraine’s electricity grid, also known as CrashOverride. It resulted in a fifth of Kyiv losing power for an hour. It is the first known malware designed specifically to disrupt electricity grids.
- NotPetya: June 2017 destructive cyber-attack targeting the Ukrainian financial, energy and government sectors and affecting other European and Russian businesses
- BadRabbit: October 2017 ransomware encrypted hard drives and rendered IT inoperable. This caused disruption including to the Kyiv metro, Odessa airport, Russia’s central bank, and two Russian media outlets
Furthermore, the October 2019 mass-defacements are not the first time Russia’s state hackers attacked Georgia.
During the five-day Russo-Georgian War of 2008, Georgia saw a series of similar attacks. Russian hackers used BGP hijacking to reroute Georgian internet traffic through servers in Russia, defaced government websites, and hacked TV and radio stations.
Article updated shortly after publication to include US official statemment.