Massive Cyberattack Slams Country of Georgia
2,000 Sites Knocked Offline in Suspected State-Sponsored Attack
The country of Georgia on Monday was hammered by cyberattacks that appeared to disrupt access to at least 2,000 government, news media and court websites, according to news reports.
Georgian President Salome Zurabishvili's spokeswoman, Sopho Jajanashvili, told news outlet AFP on Monday that the president's website was "attacked by hackers this afternoon" and that "law enforcement agencies are investigating the incident."
Many sites saw their homepages replaced by a picture of self-exiled former President Mikheil Saakashvili in front of a Georgian flag, captioned with the phrase "I'll be back."
"The scale of this attack is something we haven't seen before," cybersecurity expert Alan Woodward, a professor of computer science at the University of Surrey, tells the BBC (see: Stung by Takedowns, Criminals Tap Distributed Dark Markets). "With the scale and the nature of the targets, it's difficult not to conclude that this was a state-sponsored attack," he said, while noting that the identity of the attacker remains unknown.
Georgia suffered a major attack. Over 2,000 sites penetrated and taken down including government, law enforcement and media. This took some serious resources to orchestrate and sent a very scary message. — Alan Woodward (@ProfWoodward) October 28, 2019
Online news site News Georgia, based in the country's capital of Tbilisi, reports that local television broadcasters Maestro and Imedi were both affected by the attacks, with Imedi reporting that its TV channel was offline for 20 minutes before being restored. Other major TV stations, including Pirveli, reportedly were also disrupted.
News Georgia reports that the attack left some of Imedi's equipment inoperative, causing it to rely on emergency backup equipment. In addition, it says operations at Maestro have been disrupted, with the station continuing to broadcast in emergency mode, and transmissions only being possible from within the television studio, with no live, remote link-ups with journalists outside the studio.
IT Service Provider Targeted
At least some of the Monday attack focused on Georgian IT service provider Pro-Service, which hosts government and other sites, including those of media outlets.
"The effects of this massive cyberattack have been eliminated," Pro-Service says in a notice posted on its website on Tuesday. "Yesterday, October 28, one of the largest cyberattacks against the cyber space of Georgia occurred at dawn. As a result of the attack, a large portion of Pro-Service website servers were compromised."
The company says that by 3 p.m. Georgian time on Tuesday, all of its affected sites had been restored. Pro-Service says it's assisting the country's interior ministry, including its cybersecurity department, to identify the root cause of the outage.
One obvious potential culprit for the attacks against Georgia would, of course, be Russia, which has previously launched politically motivated cyberattacks against the government sectors of former Soviet states, including Estonia (see: Black Hat Europe: The Power of Attribution).
Georgia is a U.S. ally, and since 2011, it has been an "aspirant country" in terms of its potential membership in NATO. It's also been engaged in a months-long spat with Moscow. After a Russian legislator's address to the Georgian parliament triggered protests, Georgia on June 20 temporarily blocked all flights originating from Russia. In response, Russian President Vladimir Putin on June 21 ordered that starting July 8, Russian carriers were barred from operating flights between Russia and Georgia.
The Monday cyberattack against Georgia echoes cyberattacks launched against the country in 2008, weeks before the country was invaded by Russia over Georgia's "breakaway provinces" of South Ossetia and Abkhazia. At the time, Moscow said it wasn't responsible for the cyberattacks, but it suggested that some Russian individuals may have been independently involved.
More recently, Moscow has been blamed by the U.S. intelligence establishment for campaigns aimed at disrupting the 2016 U.S. presidential election (see: Russia Targeted All 50 States During 2016 Election: Report).
Russian hacking teams have also been tied to disruption attempts targeting Germany, France and beyond (see: Au Revoir, Alleged Russian 'Fancy Bear' Hackers).
'I'll Be Back'
The website defacements in Monday's attacks featured a photograph of former President Saakashvili, who founded Georgia's United National Movement, which espouses close ties with NATO and the EU and advocates for South Ossetia and Abkhazia remaining part of the country. Saakashvili served as Georgia's president for two consecutive terms, from January 2004 to November 2013.
In 2012, the United National Movement suffered a massive defeat at the polls to the Georgian Dream party. Since 2013, Saakashvili has lived in self-imposed exile in Ukraine, and in 2015 was appointed governor of Ukraine's Odessa region, which required that he renounce his Georgian citizenship.
Georgian Dream remains Georgia's ruling party. It's headed by billionaire businessman Bidzina Ivanishvili, who currently has no official position, although he served as the country's prime minister from October 2012 to November 2013. But Georgian Dream's popularity has fallen in recent months after the public responded negatively to its attempts to improve relations with Russia.
Since 2013, many Georgian ex-officials have been jailed on charges that include abuse of power. Saakashvili remains wanted in Georgia on criminal charges, which he says are politically motivated, the BBC reports. In February 2018, however, his Ukrainian citizenship was stripped and he was deported to Poland, before relocating to the Netherlands. But in May, the new Ukrainian president, Volodymyr Zelensky, restored Saakashvili's citizenship. The same month, Saakashvili returned to Ukraine, saying he has no further political ambitions.