Russia’s GRU behind cyber attacks targeting Georgia, says UK

Russia’s GRU behind cyber attacks targeting Georgia, says UK

The GRU uniform badge

The UK Foreign Secretary Dominic Raab issued a scathing criticism of Russian military intelligence service GRU, stating that the agency was behind multiple cyber attacks targeting Georgia in October last year.

In a statement issued Thursday, the Foreign Secretary stated that on 28 October last year, GRU carried out multiple cyber attacks targeting web hosting providers in Georgia. These attacks resulted in the defacement of websites belonging to “the Georgian Government, courts, non-government organisations (NGOs), media and businesses, and also interrupted the service of several national broadcasters.”

The statement came in response to the National Cyber Security Centre being almost certain (95%+) that the cyber attacks that took place in Georgia last year were carried out by GRU. The cyber security watchdog found that GRU’s Main Centre of Special Technologies ran the cyber programme known variously as the Sandworm team, BlackEnergy Group, Telebots, and VoodooBear.

GRU also targeted WADA, political institutions, and businesses: NCSC

This is not the first time that NCSC has identified GRU’s involvement in cross-border cyber operations. In October 2018, it noted that GRU was behind a large number of "indiscriminate and reckless cyber attacks" on political institutions, businesses, media, and sports organisations. A number of these cyber attacks targeted the World Anti-Doping Agency (WADA), political institutions to destabilise democracies, and businesses.

It added that GRU actively supported a number of infamous Russian hacker groups such as APT 28, Fancy Bear, Sofacy, Pawnstorm, STRONTIUM, Sandworm, Sednit, CyberCaliphate, Voodoo Bear, Cyber Berkut, and BlackEnergy Actors.

Commenting on NCSC’s latest findings, Foreign Secretary Raab said that “the GRU’s reckless and brazen campaign of cyber-attacks against Georgia, a sovereign and independent nation, is totally unacceptable and that “the UK will continue to expose those who conduct reckless cyber-attacks and work with our allies to counter the GRU’s menacing behaviour.”

“The Russian government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law,” he added.

According to UK agencies and the government, GRU was previously involved in a number of large-scale cyber operations. These included the BlackEnergy operation that targeted Ukraine’s electricity grid in December 2015, the Industroyer malware campaign that resulted in a fifth of Kyiv losing power in December 2016, the NotPetya ransomware campaign targeting the Ukrainian financial, energy and government sectors in June 2017, and the Badrabbit ransomware campaign in October 2017.

Copyright Lyonsdown Limited 2020

Top Articles

Universal Health Services lost $67m to a Ryuk ransomware attack last year

Universal Health Services said the cyber attack cost it $67 million in remediation efforts, loss of acute care services, and other expenses.

How the human immune system inspired a new approach to cyber-security

Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats

Solarwinds CEO blames former intern for hilarious password fiasco

SolarWinds has accused a former intern of creating a very weak password for its update server and storing it on a GitHub server for months.

Related Articles