A huge cyber-attack which knocked out more than 2,000 websites in the country of Georgia last year was carried out by Russia, according to Georgia, the UK and the US.
The UK government says that the GRU (Russian military intelligence) was behind the “attempt to undermine Georgia’s sovereignty”.
Foreign Secretary Dominic Raab described it as “totally unacceptable”.
Russia’s Foreign Ministry denied any involvement, the RIA news agency said.
The UK’s National Cyber Security Centre (NCSC) found that the GRU was “almost certainly” behind the attacks, which affected pages including Georgia’s presidential website and the country’s national TV broadcaster. It said the attack was the first significant example of GRU cyber-attacks since 2017.
Previous GRU cyber-attacks
- December 2015: An attack on part of Ukraine’s electricity grid left 230,000 people without power for between one and six hours
- December 2016: A malware designed specifically to disrupt electricity grids led to a fifth of the Ukrainian capital Kyiv losing power for an hour
- June 2017: A destructive cyber-attack targeted the Ukrainian financial, energy and government sectors. It also affected other European and Russian businesses
- October 2017: The Kyiv metro and Odessa airport, as well as Russia’s central bank and two Russian media outlets, were disrupted after ransomware encrypted hard drives
Source: UK Foreign and Commonwealth Office
The UK said Russia had sought to “sow discord and disrupt the lives of ordinary Georgian people”.
“The Russian Government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law,” Mr Raab said.
US Secretary of State Mike Pompeo also condemned the attacks, saying: “The United States calls on Russia to cease this behaviour in Georgia and elsewhere.”
In many cases, website homepages were replaced with an image of former President Mikheil Saakashvili, and the caption “I’ll be back”.
This is the latest element of an ongoing campaign of pressure by the UK against Russian intelligence since the poisoning of the former Russian spy Sergei Skripal in Salisbury two years ago. The aim is to try and deter Russian activity by exposing it.
A notable aspect of this attribution is that it relates to events which took place relatively recently, in October 2019. One of the targets was Georgian broadcasters.
The GRU’s targeting of broadcasters goes back at least to 2015 and a takedown of the French TV5Monde channel. That led to concern about what they might do against other broadcasters in other countries.
This is seen as part of Russia’s tactics of hybrid warfare, or grey-zone activities, which are designed to destabilise countries.
The problem for the UK, though, is that so far there is little sign of the GRU being deterred.
A key test will come with the US election this year, and whether it attempts to interfere in that as it was accused of doing in 2016.
“The scale of this attack is something we haven’t seen before,” Prof Alan Woodward, cyber-security expert at Surrey University in the UK, said at the time of the Georgia attack.
During the brief 2008 Russian-Georgian conflict, Georgia accused Moscow of carrying out cyber-attacks against its government, although Russia denied this.
The war broke out after Georgia attempted to recapture South Ossetia, which had fought a separatist war against Georgia in the 1990s. Russian forces then entered the country and seized control of the Georgian territories of South Ossetia and Abkhazia.
Who is Mikheil Saakashvili?
Mr Saakashvili served two terms as president in Georgia between 2004 and 2013.
He gave up his Georgian citizenship in 2015, when he became governor of Ukraine’s Odessa region.
He was deported from Ukraine in 2018 after falling out with his predecessor – but his Ukrainian citizenship was restored in May 2019.
Mr Saakashvili is wanted in Georgia on criminal charges, which he claims are politically motivated.