British security officials have identified a Russian military intelligence unit as the source of a series of “large-scale, disruptive cyber attacks” on Georgia last autumn.
The former Soviet Union state suffered a spree of attacks on its government websites, national broadcasters and NGOs on 28 October 2019.
Analysts at the National Cyber Security Centre have concluded “with the highest level of probability” that the attacks, aimed at web hosting providers, were carried out by the GRU in a bid to destabilise the country.
“The UK is clear that the GRU conducted these cyber-attacks in an attempt to undermine Georgia’s sovereignty, to sow discord and disrupt the lives of ordinary Georgian people,” according to the government. “The UK remains unwavering in its support for Georgia’s sovereignty and territorial integrity.”
The GRU is regarded as one of the most aggressive actors in cyber space, having carried out attacks on Ukraine’s electricity grid, finance sector and energy industry using a number of forms of malware from 2015-17.
It was behind the NotPetya ransomware virus that spread from Ukraine to a number of businesses across Europe, the Skripal poisoning in Salisbury and the hack on Hillary Clinton’s presidential campaign.
According to the government, the Georgian attacks represent the first disruptive or destructive cyber incidents carried out by the GRU since late 2017.
The foreign secretary, Dominic Raab, said: “The GRU’s reckless and brazen campaign of cyber-attacks against Georgia, a sovereign and independent nation, is totally unacceptable.
“The Russian government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law.
“The UK will continue to expose those who conduct reckless cyber-attacks and work with our allies to counter the GRU’s menacing behaviour.”