Georgia’s Reforms Associates (GRASS) Statement on Russia’s Cyber-Attack Against Georgia on October 28, 2019

28 February, 2020

On October 28, 2019, a large-scale cyber-attack was carried out against Georgia. Its targets included the servers belonging to a company - “Proservice”, which hosts the web-pages of the Georgian government and those of private companies and media organizations. The cyber-attack knocked out up to 15,000 web-pages, including the ones belonging to the president of Georgia, courts, various city assemblies and to the other NGOs or media outlets. As a result of the cyber-attack, the official site home pages of the various organizations were defaced using the image of the 3rd President of Georgia, Mikheil Saakashvili, with an inscription saying “I’LL BE BACK”. It was clear from the very beginning, that the hostile action was not a minor hacking operation, but rather a large-scale cyber-attack, which aimed at destabilizing the country.

On October 28, the Ministry of Internal Affairs of Georgia (MIA) launched an investigation under the articles 284 and 286 of the criminal code of Georgia, on the illegal use and unauthorized handling of the computer data or computer system. On October 29, the MIA made an additional statement, in which it said the cyber-attack could have been carried out from the territory of Georgia, as well as from abroad.

On October 30, when asked by the journalists on the matter, the minister Vakhtang Gomelauri of the MIA stated the following: “cyber-crimes happen in all the countries and it represents one of the most challenging issues of the 21st century”. In addition, according to him, together with the MIA and the State Security Service of the country, Georgia’s allies were also a part of the investigation process. Despite the scope of the cyber-attack, further statements by other high level officials of the government were not made.

On February 20, 2020, the Ministry of the Foreign Affairs of Georgia (MFA) issued a statement, in which the responsibility for carrying out the large-scale cyber-attack against Georgia on October 28 was attributed to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). The ministry assessed the cyber-attack to have targeted Georgia’s national security. It also blamed Russia for the intention of harming Georgian citizens and government structures by disrupting and paralyzing the functionality of various organizations, causing anxiety among the general public.

The statement of the MFA of Georgia was followed by the statements made by the UK Foreign Office and the US Department of State. The UK’s National Cyber Security Center (NCSC), which was a part of the investigation, together with Georgia’s other international partners, established, that on October 28, 2019, the GRU carried out large-scale, disruptive cyber-attacks. According to the NCSC, it was the first significant example of the GRU using cyber-attacks to disrupt or destroy since the attacks on Ukraine in 2015, 2016 and 2017.

According to the statement made by the UK, these cyber-attacks are part of Russia’s long-running campaign of hostile and destabilizing activity against Georgia. The UK underscored, that the GRU conducted these cyber-attacks in an attempt to undermine Georgia’s sovereignty, to sow discord and disrupt the lives of ordinary Georgian people. Besides the UK and the US, up until now, the Netherlands, Denmark, Poland and Lithuania have attributed the cyber-attack to Russia.

The representatives of the Georgian political parties have also made the statements of supporting the result of the investigation and attributed the cyber-attack to Russia. The exception was the chairperson Nino Burjanadze of the “Democratic Movement – United Georgia”, which despite the results of the joint investigation of the UK, Georgia, the US and that of other international partners, refused to accuse Russia for its role in the large-scale cyber-attack targeting Georgia’s sovereignty.

Russian orchestrated large-scale cyber-attack demonstrates, that Georgia remains one of the main targets of Russian hybrid warfare. It is therefore likely that the hostile actions like the ones witnessed in October will only intensify during the 2020 parliamentary election. It should also be noted, that on February 17, Estonian Foreign Intelligence Service published a report – “International Security and Estonia” - which underscores the high possibility of Russia to intervene in the parliamentary election of Georgia in 2020.

Considering all the above mentioned, it is important the Georgian government to fully recognize the urgency of the Russian hybrid threats, including the cyber and the propaganda/disinformation related ones and to develop and implement effective and comprehensive policies that would prevent these challenges and increase Georgia’s resilience against them. This obviously requires mobilizing the resources for countering Russian hostile activities, rather than pursuing narrow party interests, such as the malign propaganda campaigns used against the political adversaries and the civil society. In this context, the Parliament of Georgia should approve the final report of the Thematic Inquiry Group on Disinformation and Propaganda at the earliest opportunity and start implementing the given recommendations, which also include steps for developing an effective and coordinated system for countering hybrid threats.