The UK, Georgia and international partners have exposed the responsibility of the GRU – Russia’s military intelligence service – for a number of significant cyber-attacks against Georgia last year.
The biggest attack, on October 28, forced thousands of websites in Georgia offline and left two national television stations, Imedi and Maestro, unable to broadcast for several hours.
The UK’s National Cyber Security Centre (NCSC) has said that the GRU was “almost certainly” (more than 95 per cent) responsible.
According to the NCSC, the cyber programme responsible for these disruptions is known in open source variously as the Sandworm team, BlackEnergy Group, Telebots, and VoodooBear. It is operated by the GRU’s Main Centre of Special Technologies, often referred to by the abbreviation ‘GTsST’ or its field post number 74455.
The attacks are part of Russia’s long-running campaign of hostile and destabilising activity against Georgia. The UK government has said that it is clear that the GRU conducted these cyber-attacks in an attempt to undermine Georgia’s sovereignty, to sow discord and disrupt the lives of ordinary Georgian people.
“The GRU’s reckless and brazen campaign of cyber-attacks against Georgia, a sovereign and independent nation, is totally unacceptable,” said the UK’s foreign secretary, Dominic Raab. “The Russian government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law. The UK will continue to expose those who conduct reckless cyber-attacks and work with our allies to counter the GRU’s menacing behaviour.”
The findings of the NCSC, which will come as no surprise in Georgia, has brought new condemnation of Russia from within the country.
“Russia’s recentto cause destructive effects in ‘s sovereign territory demonstrates their desire to act without regard to international norms. This unlawful act must draw strong condemnation of the international community,” said the Georgian foreign ministry in a statement.
Mike Pompeo, the US secretary of state, also condemned the attack.
“This action contradicts Russia’s attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries,” he said in a statement. “These operations aim to sow division, create insecurity, and undermine democratic institutions. The United States calls on Russia to cease this behavior in Georgia and elsewhere. The stability of cyberspace depends on the responsible behavior of nations. We, together with the international community, will continue our efforts to uphold an international framework of responsible state behaviour in cyberspace.”
The foreign minister of Estonia, Urmas Reinsalu – itself the target of a huge Russian cyber-attack in 2007 – added his own condemnation and said that Estonia was committed to the development of a cyber stability framework.
Since the 2007 attack, Estonia has become a global heavyweight in cyber security-related knowledge, advising many other states on the matter. On Wednesday, Estonia led a strategic cyber exercise for members of the NATO Parliamentary Assembly in Brussels, the aim of which was to enact a realistic cyber incident and find possible solutions.
Relations between Tbilisi and Moscow are currently at their lowest ebb since Russia invaded Georgia in 2008, leading to a short war.
Russia’s armed forces continue to occupy one fifth of Georgian territory.
In January, Georgia’s minister for reconciliation and civic equality Ketevan Tsikhelashvili said at a session of the European Parliament’s Foreign Relations Committee that the number of Russian military personnel in the occupied Abkhazia and the Tskhinvali regions had recently increased from 8,000 to 10,000.
Last year, in a bid to harm Georgia’s booming tourist industry, Russia banned its airlines from flying to Georgia. The tactic has backfired spectacularly, however, with Georgia welcoming a record number of visitors in 2019: more than 9.5 million.
Russia’s airlines, however, have taken a hit, incurring heavy losses.