The UK Foreign Secretary Dominic Raab issued a scathing criticism of Russian military intelligence service GRU, stating that the agency was behind multiple cyber attacks targeting Georgia in October last year.
In a statement issued Thursday, the Foreign Secretary stated that on 28 October last year, GRU carried out multiple cyber attacks targeting web hosting providers in Georgia. These attacks resulted in the defacement of websites belonging to “the Georgian Government, courts, non-government organisations (NGOs), media and businesses, and also interrupted the service of several national broadcasters.”
The statement followed the National Cyber Security Centre's assessment that it was almost certain (95%+) that the cyber attacks that took place in Georgia last year were carried out by GRU. The cyber security watchdog found that GRU’s Main Centre of Special Technologies ran the cyber programme known variously as the Sandworm team, BlackEnergy Group, Telebots, and VoodooBear.
GRU also targeted WADA, political institutions, and businesses: NCSC
This is not the first time that NCSC has identified GRU’s involvement in cross-border cyber operations. In October 2018, it noted that GRU was behind a large number of "indiscriminate and reckless cyber attacks" on political institutions, businesses, media, and sports organisations. A number of these cyber attacks targeted the World Anti-Doping Agency (WADA), political institutions to destabilise democracies, and businesses.
It added that GRU actively supported a number of infamous Russian hacker groups such as APT 28, Fancy Bear, Sofacy, Pawnstorm, STRONTIUM, Sandworm, Sednit, CyberCaliphate, Voodoo Bear, Cyber Berkut, and BlackEnergy Actors.
Commenting on NCSC’s latest findings, Foreign Secretary Raab said that “the GRU’s reckless and brazen campaign of cyber-attacks against Georgia, a sovereign and independent nation, is totally unacceptable” and that “the UK will continue to expose those who conduct reckless cyber-attacks and work with our allies to counter the GRU’s menacing behaviour.”
“The Russian government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law,” he added.
According to UK agencies and the government, GRU was previously involved in a number of large-scale cyber operations. These included the BlackEnergy operation that targeted Ukraine’s electricity grid in December 2015, the Industroyer malware campaign that resulted in a fifth of Kyiv losing power in December 2016, the NotPetya ransomware campaign targeting the Ukrainian financial, energy and government sectors in June 2017, and the BadRabbit ransomware campaign in October 2017.