Russia Blamed for Massive Cyber Attack Against Nation of Georgia in 2019

By Jake Rudnitsky and | February 21, 2020

Georgia accused Russian military intelligence of organizing a “paralyzing” cyber attack last year and called for a reaction by the international community.

Russia’s GRU was behind the “large-scale” October 2019 attack that targeted the presidential administration, various government bodies and media outlets in an attempt to undermine its European integration, according to a Foreign Ministry statement Thursday.

Estonia, the U.S. and the UK joined Georgia in attributing the attack to the GRU, while Poland and the Czech Republic promised to help Tbilisi develop cyber defenses. Deputy Foreign Minister Andrey Rudenko denied Russia was behind the attacks, RIA Novosti reported.

We stand with #Georgia in condemning Russia’s cyber attack against its people and institutions. Russia must immediately cease this behavior in Georgia and elsewhere. The stability of #cyberspace depends on the responsible behavior of all nations.
— Secretary Pompeo (@SecPompeo) Feb. 20, 2020

The attribution of a cyber attack by EU member states could pave the way for sanctions, including travel bans and asset freezes, against Russian individuals, agencies, or companies, according to a new “cyber-sanctions regime” adopted by the bloc in 2019. Such measures, which would aim to “deter and respond to cyber-attacks which constitute an external threat to the EU,” are subject to unanimous approval by the bloc’s member states, which is often difficult to achieve on foreign policy matters.

Estonia hasn’t made a decision yet whether it will seek sanctions, Mart Luik, an adviser to the foreign minister, said via text message. The EU is expected to issue a joint statement on Friday, according to two diplomats familiar with the matter.

NEWS: The UK, Georgia and international partners have exposed Russia’s military intelligence service as being responsible for significant cyber-attacks against Georgia last year.
— Foreign Office (@foreignoffice) Feb. 20, 2020

The GRU has been implicated in numerous hacking scandals around the globe, including the Democratic National Committee breach that roiled the 2016 U.S. presidential elections and the NotPetya ransomware that Merck & Co. claimed cost it $1.3 billion in losses the following year. Russia has denied involvement.

The GRU hacking group responsible — based on the U.S. State Department attribution — is known in the cybersecurity community as Sandworm. It is an “advanced adversary” that deploys custom and destructive malware in attacks with a particular focus on “targeting entities in the Ukraine,” including the country’s energy sector, according to research by the cyber-security firm CrowdStrike Inc.

Sandworm is also believed to be the organization behind the attack on the 2018 Winter Olympics in South Korea, according to the cyber-security firm FireEye Inc. “Notably, they have not been publicly admonished for their attempt to disrupt the Games, and we are concerned that the actors will target the Games in Tokyo this year,” said John Hultquist, the senior director of intelligence analysis at the firm.

–With assistance from Ott Ummelas and Milda Seputyte.
