Russian military intelligence ‘was behind’ October cyberattack in Georgia

21 February 2020
An image of former Georgian President Mikheil Saakashvili was displayed on many of the hacked websites.

Russia’s military intelligence service, the GRU, was behind a massive cyberattack on Georgia in October 2019 that affected around 15,000 websites, British intelligence has alleged.

The websites affected included those of major government institutions, broadcasters, online newspapers, and private businesses. Most of the hacked websites went offline or displayed a sliding image of a smiling former Georgian President Mikheil Saakashvili with the text: ‘I’ll be back’.

[Read more about the cyberattack: Georgia hit by massive cyber attack]

The revelations were announced on 20 February by Georgia’s Foreign Ministry, who said an investigation carried out together with Georgia’s international partners had revealed that the cyber attack, ‘which infringes Georgia’s sovereignty’, came from the GRU.

More detailed information followed on the UK Governmental’s official website. It stated that the UK’s National Cyber Security Centre (NCSC) assessed with 95% certainty that the ‘large-scale, disruptive cyber-attacks’ on 28 October 2019 were carried out by Russia.

‘These cyber-attacks are part of Russia’s long-running campaign of hostile and destabilising activity against Georgia. The UK is clear that the GRU conducted these cyber-attacks in an attempt to undermine Georgia’s sovereignty, to sow discord and disrupt the lives of ordinary Georgian people. The UK remains unwavering in its support for Georgia’s sovereignty and territorial integrity.’

UK Foreign Secretary Dominic Raab said that the GRU’s ‘reckless and brazen campaign of cyber-attacks against Georgia, a sovereign and independent nation’, were unacceptable.

‘The Russian government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law. The UK will continue to expose those who conduct reckless cyber-attacks and work with our allies to counter the GRU’s menacing behaviour’, said Raab.

According to the NCSC, the group responsible for these disruptions is known variously as the Sandworm team, BlackEnergy Group, Telebots, and VoodooBear. According to them, it is operated by the GRU’s Main Centre of Special Technologies, often referred to by the abbreviation ‘GTsST’ or its field post number 74455.

The UK Government expressed support for Georgia as a strategic partner to the UK and said that the annual Ministerial-level UK-Georgia Strategic Dialogue provided an important framework for continuing to develop ‘our strong relationship’. 

Russia’s Foreign Ministry rejected the accusations and said that there was no evidence to prove such an intervention. 

It called the accusations a ‘synchronisation of the propaganda campaign organised by Washington, London, Tbilisi, and others’.

‘It is regrettable that Georgia itself does not want to abandon the line of demonising Russia, to draw lessons from last year’s crisis. All this additionally overshadows our already complicated bilateral relations.’ 

‘We are still convinced that overcoming the existing differences and continuing the normalisation process meets the fundamental interests of the Russian and Georgian people. We understand that there are forces that this does not suit at all’, their statement said. 

International support

The revelations were followed by a wave of support for Georgia from Western countries. 

The US embassy in Georgia pledged their support and said in a statement that ‘this action contradicts Russia’s attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries.’

‘These operations aim to sow division, create insecurity, and undermine democratic institutions’.

The US called on Russia ‘to cease this behaviour in Georgia and elsewhere’.

‘The stability of cyberspace depends on the responsible behaviour of nations.  We, together with the international community, will continue our efforts to uphold an international framework of responsible state behaviour in cyberspace’, they said adding that additional capacity building and technical assistance to help strengthen Georgia’s public institutions and improve its ability to protect itself from these kinds of activities would follow.

Norwegian Foreign Ministry tweeted that they shared concerns about cyber operations in Georgia. 

‘Respect for norms, rules and principles for responsible state behaviour is essential to maintain international peace and stability in cyberspace’, said Norvegian Foreign Minister. 

Similar supporting statements followed from Lithuania, Denmark, the Netherlands, Australia, and others.

Fierce, independent journalism

Let’s be honest, the media situation in the Caucasus is grim. Every day we are accused of ‘serving the enemy’ whoever that enemy may be. Our journalists have been harassed, arrested, beaten, and exiled. But nevertheless, we persevere. For us this is a labour of love. Unfortunately, we cannot run OC Media on love alone, journalism is expensive and funding is scarce. Our sole mission is to serve the interests of all peoples of the region. Support us today and join us in the fight for a better Caucasus.

Support Us