Russia's GRU accused of massive cyber-attack against Georgia
21 February 2020

Russia's military intelligence service, the GRU, was behind a massive cyber attack against Georgia based servers last October which disrupted the work of various Georgian government institutions, as well as independent media outlets and civil society organisations

The massive cyberattack of October 28, 2019 against the websites of Georgian government and private agencies, "was planned and carried out by the Main Division of the General Staff of the Armed Forces of the Russian Federation," Georgian Foreign Ministry announced on February 20.

The massive cyberattack targeted the websites of the Georgian President's Administration, common courts, city halls and city councils, as well as non-governmental organizations and media outlets. The homepages of the hacked websites were replaced by the photo showing Georgia's ex-President Mikheil Saakashvili with a caption "I'll Be Back."

In co-ordinated statements issued in Washington, London and Tbilisi blame was attributed to the Russian military intelligence service, the GRU. The UK's National Cyber Security Centre (NCSC) found that the GRU was "almost certainly" behind the attacks, which affected pages including Georgia's presidential website and the country's national TV broadcaster. It said the attack was the first significant example of GRU cyber-attacks since 2017.

In Washington, US Secretary of State Mike Pompeo said,

"On October 28, 2019, the Russian General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST, also known as Unit 74455 and Sandworm) carried out a widespread disruptive cyber attack against the country of Georgia. The incident, which directly affected the Georgian population, disrupted operations of several thousand Georgian government and privately-run websites and interrupted the broadcast of at least two major television stations. This action contradicts Russia's attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries. These operations aim to sow division, create insecurity, and undermine democratic institutions.

The United States calls on Russia to cease this behavior in Georgia and elsewhere."

The Russian government on Thursday denied the accusations. which uses servers in Georgia was one of the websites that was attacked. The website was down for four hours as a result. is owned by LINKS Europe, based in The Hague, and has been on the forefront of European efforts to promote the peaceful resolution of conflicts in the South Caucasus region, and to support development of relations between Europe and the South Caucasus countries.

On Thursday (20 February) the Management Board of issued a statement in which it condemned the cyber-attack. "This was a premeditated attempt to interfere with the work of institutions of the Georgian government, as well as media and civil society organisations operating in Georgia", the statement said.