Russian Military Unit Behind Huge Cyberattacks on Georgia

Former President of Georgia Mikheil Saakashvili appeared on thousands of Georgian websites. (Flickr)

Georgia attributed a massive cyberattack, which knocked over 2,000 websites offline and disrupted national broadcast services, to Russia on February 20. The United Kingdom and the United States also blamed Russia for the incident.

The attacks, which occurred last October, took aim at a range of web providers, thousands of websites belonging to the Georgian government, courts, media, banks, and businesses, and the country’s national television broadcaster. During the attack, websites’ content was replaced with an image of former President of Georgia Mikheil Saakashvili giving a thumbs-up under the slogan “I’ll be back!” Saakashvili was president during a five-day war with Russia in 2008, in which Georgia lost control of a fifth of its territory.

The attack “was intended to harm Georgian citizens and government structures by disrupting and paralysing the functionality of various organizations, thereby causing anxiety among the general public,” said Georgian Foreign Ministry spokesman Vladimer Konstantinidi.

“Georgia condemns this cyber attack, which goes against international norms and principles, once again infringing Georgia’s sovereignty in order to hinder the country’s European and Euro-Atlantic integration and democratic development,” a Georgian government statement read.

This “reckless cyber attack” was an “intolerable act attempting to undermine [Georgia’s] sovereignty,” and the country “deeply appreciate[s] the vocal support from our partners and allies around the world,” Georgian Prime Minister Giorgi Gakharia tweeted.

The GRU, Russia’s military intelligence service, was almost certainly behind the attacks, according to Britain’s National Cyber Security Centre, which worked with Georgia to identify the perpetrators. This incident was the first significant GRU cyberattack since 2017, carried out as part of a campaign to destabilize the pro-Western Caucasus state.

The Sandworm team, a unit within the GRU that is said to have perpetrated the attacks, is also known as BlackEnergy, TeleBots, and VoodooBear and was responsible for a 2017 attack on Ukraine that resulted in huge infrastructural damage. Cybersecurity firms have also accused Sandworm of attacking American and French elections, as well as the 2018 Winter Olympics in South Korea.

Russia’s Foreign Ministry denied the allegations. “Russia did not plan and is not planning to interfere in Georgia’s internal affairs in any way,” Deputy Foreign Minister Andrei Rudenko told the Russian state-sponsored RIA news agency.

Georgia and Russia have a fraught relationship, as Georgia is seeking to join Western organizations like the European Union and NATO, which Moscow strongly opposes. Violent protests took place outside Parliament in Tbilisi in summer 2019 when a Russian politician planned to speak in an assembly. In response, Russian President Vladimir Putin delivered a blow to the country’s tourism industry by banning all direct flights from Russia to Georgia.