Russian military behind cyberattacks on Georgia

The GRU – the General Staff of the Armed Forces of Russia – stands behind the large-scale cyber attack on Georgia of October 2019, when government and other websites were hacked. 

“We see the cyber attack as an attempt on the territorial integrity and sovereignty of Georgia,” said Foreign Minister David Zalkaliani.

Even the specific GRU unit that carried out the cyber attack has been established: the main center for special headquarters intelligence technologies (GTsST), also known as “Unit 74455”, or ‘Worm’ in Russian.

This information was released on February 20 by the Georgian Foreign Ministry. The British and US embassies issued special statements as well.

The diplomatic departments called on Moscow to stop such actions both against Georgia and against other states.

US Secretary of State Michael Pompeo and British Foreign Minister Dominic Raab also reacted to the incident.

We stand with #Georgia in condemning Russia’s cyber attack against its people and institutions. Russia must immediately cease this behavior in Georgia and elsewhere. The stability of #cyberspace depends on the responsible behavior of all nations. https://t.co/4RnWrSOlBp

— Secretary Pompeo (@SecPompeo) February 20, 2020

The attack in question occurred on October 28, 2019, when hundreds of Georgian websites were paralyzed.

In addition to the government sites mentioned, Imedi and Maestro television companies were forced to interrupt their broadcasting, who claim they suffered serious financial and technical losses.  

In all cases, photographs of former Georgian President Mikheil Saakashvili with the inscription “I’ll be back” (“I’ll be back”) appeared on hacked sites.

Hack after the 2008 war

Georgia is one of the first countries to become a victim of a cyber attack by Russia. 

Massive cyber attacks on Georgian information space became a regular occurrence starting in 2008, immediately after the end of the acute phase of the August Georgian-Russian war around South Ossetia.

On August 8, 2008, the sites of the president of Georgia, the government, the Foreign Ministry and the parliament were targeted in an attack.  At the same time, information portals were attacked, as well as news sites with a positive attitude towards Georgia (for example, kasparov.ru) and forums.

On August 9, TBC Bank, the largest commercial bank of Georgia at that time, was attacked.

On August 11, 2008, not a single government site worked. The presidential website was defaced, with fascist symbols and a photograph of Saakashvili, stylized as Hitler, appearing on the homepage. 

The sites of the National Bank and the Ministry of Foreign Affairs were subjected to attacks of the same type – photos of dictators of the 20th century appeared there. 

A few years ago, the Russian publication Meduza conducted a large-scale investigation of the hacker war that Russia waged in 2008 against Georgia.  

The publication writes that it was after the attack that the Russian intelligence services began cooperation with ‘patriotic’ hackers.

They often use them for various work – sometimes they force them, sometimes they work voluntarily. 

It was the scheme tested in Georgia that the Russian special services used in 2016 when hacking the servers of the US Democratic Party.  And in this case, the operation was carried out using freelancers from among hacker patriots.

The publication writes that Russia launched DOS attacks on government websites in Georgia two weeks before the August war, when the situation in the conflict zone in South Ossetia began to escalate.

 Meduza writes that in the days of the war, the first hacker attack on Georgian government sites was carried out by Khabarovsk hacker Leonid Stoikov.  At first, he acted on his own initiative, having watched a TV and wishing to help his homeland in the fight against Georgia.

In an interview with Meduza, Stoikov, aka R0id, admits that it was he who hacked the website of the Georgian parliament and posted a photo of Georgian President Mikheil Saakashvili with Adolf Hitler and the caption: “And he will end like that.”

 On August 9, patriotic Russian hackers created a special web page called Stopgeorgia.ru.

 On this page, they advised other Russian hackers which particular Georgian sites to attack, laid out the necessary links, etc.

 As a result, up to 30 hackers gathered on this site.  They call themselves representatives of the hack underground and become distributors of ambiguous patriotic slogans.

 Stopgeorgia.ru continued anti-Georgian activity in 2009, when a memorial to a Soviet soldier was blown up in Kutaisi, which interfered with the construction of the building.  Then the hackers again attacked the government sites of Georgia.

 “We will not allow the destruction of our historical past,” they wrote in those days and called on other hackers to start a war with the Georgian government.