Massive Cyberattacks On Georgia Calls For Defense And Resilience
By Khatuna Mshvidobadze, Senior Fellow at Rondeli Foundation, Professorial Lecturer at The George Washington University and Adjunct Professor of Cybersecurity at Utica College, NY.
Once again, the country of Georgia has been the target of extensive cyber-attacks. And once again, cyber security advocates are asking why the country’s defenses remain so tenuous. On October 28, thousands of Georgian websites—government, the court system, media, NGOs and academia—were defaced. Replacing their landing pages was electronic graffiti featuring images of former President Mikheil Saakashvili with the words “I’ll be back!” glimmering across the screens of thousands of surprised users.
Anti-corruption fighter Saakashvili was President of Georgia 2004-2013. He introduced sweeping reforms and set Georgia on a path toward membership in the European Union and the North Atlantic Treaty Organization (NATO). It was this western orientation that prompted Russia to invade Georgia in 2008, in the first-ever combined kinetic and cyber war. Saakashvili is no stranger to the hands of anti-Georgian hackers. He is, for now, unable to return to Georgia due to the current government’s dubious allegations of corruption.
As the extent of the most recent cyber-assault was revealed, the Ministry of Internal Affairs released a statement. “At this time, access to most websites has been restored. The rest will also be fully operational in the nearest future…the cyberattack style on each website was identical. The investigation is underway,” the Ministry said (In Georgian). No further details on the compromised systems were disclosed.
But, not for the first time, doubts linger about the promptness of the government’s investigation. In 2018, TBC Bank, a leading bank in Georgia, experienced massive cyberattacks. At the time, Mamuka Khazaradze, co-founder of the bank, stated (In Georgian) that the “TBC IT team was able to reveal from where the attack originated, and information was provided to the Ministry of Internal Affairs.” Nonetheless, the case has not yet been investigated.
Most of the websites affected by the current wave of attacks are hosted by Georgian local web-hosting providers Pro-Service and Serv.ge. The attacks were successful due to poor security measures, according to the Georgian cybersecurity community. Vulnerabilities in the applications, databases, operating systems or networks invite attack.
“Yes, the attack was massive but unsophisticated. It appears that a malware component was not utilized,” Andro Gotsiridze, former Chief of the Cyber Security Bureau, told the author in a telephone conversation. He continued, “What happened this week might well be an intelligence-by-attack-strategy,” testing vulnerabilities, defenses and resilience of the country. “We had better be prepared. This attack may well be implemented by a hostile country.” In the Georgian context, that could only mean Russia.
In a simple web defacement, the perpetrator exploits a vulnerability to compromise the targeted server and modify web pages. The appearance of the pages, typically the landing or index page, is thus changed to display the perpetrator’s graffiti. Once a backup of the index page file is uploaded, the site goes back to normal.
Nonetheless, even a simple defacement can cause a loss of traffic and significant damage to a business. Moreover, in some cases, defacement can be just the beginning. Later, it may be revealed that the perpetrators inserted malicious code that allows them to sustain control over the entire server.
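The gap between restoring the index page and actually cleaning the server can be shown with a file-integrity check. The sketch below is an added example, not part of the original article or of any tool used in the incident; the directory layout, file names and page contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Report files modified, added or removed relative to the baseline."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo() -> tuple:
    """Constructed scenario: a defaced landing page plus one unexpected file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "img").mkdir()
        (root / "index.html").write_text("<h1>Ministry portal</h1>")
        (root / "img" / "logo.svg").write_text("<svg/>")
        baseline = build_manifest(root)  # taken while the site is known-good

        # Constructed compromise: landing page replaced, unknown script left behind.
        (root / "index.html").write_text("<h1>defaced</h1>")
        (root / "img" / "cache.php").write_text("<?php /* placeholder */ ?>")
        after_attack = compare(baseline, build_manifest(root))

        # Response that only restores the landing page from backup.
        (root / "index.html").write_text("<h1>Ministry portal</h1>")
        after_restore = compare(baseline, build_manifest(root))
        return after_attack, after_restore


if __name__ == "__main__":
    attack, restore = demo()
    print("after attack :", attack)
    print("after restore:", restore)
```

After the restore, the landing page matches the baseline again, yet the added file is still reported. The baseline manifest has to be stored off the web server so that whoever modified the site cannot rewrite it as well.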
Of course, we do not know to what level each affected system was penetrated. However, the magnitude, breadth and coordination of these attacks recall Georgia’s still-limited ability to deal with cyber-attacks.
This is not the first time that Georgia has experienced website defacement. One of the many methods used in 2008 was defacement carried out by SQL injection techniques, a type of attack that gives an attacker control over the web application database by inserting arbitrary SQL code into a database query. In such attacks, hackers can extract or even alter or destroy data in the system. This time, however, some Georgian cybersecurity experts argue that SQL injection techniques were not used.
This is what Mr. Gotsiridze meant when he called the attacks unsophisticated. According to Trend Micro, most defacements are conducted without malware insertion. Only 15% of web defacements included a malware component in recent years.
Since 2008, 20% of Georgian territory has been occupied by Russia. In every aspect except sustained gunfire, the war continues, not least in the cyber arena. Georgia has been under continuous cyberattack from its northern neighbor. A frequent perpetrator is the Russian advanced persistent threat (APT) group known as Fancy Bear or APT 28, which is associated with the GRU, Russian military intelligence. According to a report from the respected cybersecurity company FireEye, this group attacked websites of the Georgian Ministry of Internal Affairs and Ministry of Defense. These attacks were advanced, persistent and complex. Hackers penetrated a network via spear-phishing techniques and carried out long-running cyber espionage campaigns. Fancy Bear has also committed cyberattacks that might have furthered Russian government interests against western countries and was a major player in the penetrations of the American Democratic Party during the 2016 elections.
This time, however, the attacks were massive but unsophisticated. It is not Fancy Bear’s signature, but that does not rule out another state or state-sponsored actor.
“It may be a deliberate attack by a state actor,” says Georgian cybersecurity expert Anzor Mekhrishvili (in Georgian). “It may also be revenge by friends of Russian hacker Yaroslav Sumbaev” who was extradited by Georgia to Russia on October 24. Sumbaev was wanted by Russian law enforcement authorities for cybercrime charges and alleged involvement in the murder case of a Moscow economic crime investigator. Frankly, given the magnitude and the organization of the most recent attacks, the friends of Sumbaev hypothesis seems unlikely.
Do we know who might have perpetrated this attack? Of course, we cannot be sure, but based on Georgia’s previous experiences, can one come up with a possible hypothesis? Was it a state actor conducting intelligence-by-attack, as Mr. Gotsiridze suggests, or was it just a false flag operation? This is yet to be determined. What is crystal clear, however, is that the country’s cyber capabilities must be better addressed. Vigilance must become a call to action. It should come as no surprise that geopolitical conflict also operates in the cyber realm. Georgia must improve its cyber defense and resilience.
The opinions and conclusions expressed are those of the author and do not necessarily reflect the views of the Georgian Foundation for Strategic and International Studies.