Russia Blamed for ‘Paralyzing’ Georgia Cyber Attack in 2019

(Bloomberg) -- Georgia accused Russian military intelligence of organizing a “paralyzing” cyber-attack last year and called for a reaction by the international community.

Russia’s GRU was behind the “large-scale” October 2019 attack that targeted the presidential administration, various government bodies and media outlets in an attempt undermine its European integration, according to a Foreign Ministry statement Thursday.

Estonia, the U.S. and the U.K joined Georgia in attributing the attack to the GRU, while Poland and the Czech Republic promised to help Tbilisi develop cyberdefenses. Deputy Foreign Minister Andrey Rudenko denied Russia was behind the attacks, RIA Novosti reported.

The attribution of a cyber-attack by EU member states could pave the way for sanctions, including travel bans and asset freezes, against Russian individuals, agencies, or companies, according to a new “cyber-sanctions regime” adopted by the bloc in 2019. Such measures, which would aim to “deter and respond to cyber-attacks which constitute an external threat to the EU,” are subject to unanimous approval by the bloc’s member states, which is often difficult to achieve on foreign policy matters.

Estonia hasn’t made a decision yet whether it will seek sanctions, Mart Luik, an adviser to the foreign minister, said via text message. The EU is expected to issue a joint statement on Friday, according to two diplomats familiar with the matter.

The GRU has been implicated in numerous hacking scandals around the globe, including the Democratic National Committee breach that roiled the 2016 U.S. presidential elections and the NotPetya ransomware that Merck & Co. claimed cost it $1.3 billion in losses the following year. Russia has denied involvement.

The GRU hacking group responsible -- based on the U.S. State Department attribution -- is known in the cybersecurity community as Sandworm. It is an “advanced adversary” that deploys custom and destructive malware in attacks with a particular focus on “targeting entities in the Ukraine,” including the country’s energy sector, according to research by the cybersecurity firm Crowdstrike Inc.

Sandworm is also believed to be the organization behind the attack on the 2018 Winter Olympics in South Korea, according to the cybersecurity firm FireEye Inc. “Notably, they have not been publicly admonished for their attempt to disrupt the Games, and we are concerned that the actors will target the Games in Tokyo this year,” said John Hultquist, the senior director of intelligence analysis at the firm.

--With assistance from Ott Ummelas and Milda Seputyte.

To contact the reporters on this story: Jake Rudnitsky in Moscow at jrudnitsky@bloomberg.net;Nikos Chrysoloras in Brussels at nchrysoloras@bloomberg.net;Helena Bedwell in Tbilisi at hbedwell@bloomberg.net

To contact the editors responsible for this story: Torrey Clark at tclark8@bloomberg.net, Gregory L. White, Andrew Martin

©2020 Bloomberg L.P.