Cyber Incident Victim: Georgia (Nation)

Date: Oct 2019

Location: Georgia

Summary

A massive cyber attack targeted multiple entities in Georgia, temporarily disrupting two television broadcasters and defacing approximately 15,000 websites hosted by a local provider. Affected sites included government portals, private sector platforms, and media outlets, displaying an image of former President Mikheil Saakashvili with the message "I'll be back." Critical national infrastructure remained unaffected. The incident prompted an investigation by authorities, with cybersecurity experts speculating potential state-sponsored involvement due to the attack's scale and geopolitical context, though no definitive attribution was confirmed. The hosting provider worked to restore services, recovering over half of impacted websites within hours while acknowledging the disruption to clients.

Description

On October 28, 2019, Georgia experienced a large-scale cyber attack targeting multiple entities, including web hosting infrastructure, media outlets, and government websites. The attack began at dawn, with Proservice, a major Georgian web hosting provider, among the primary victims. Approximately 15,000 websites hosted by Proservice—spanning government agencies, private businesses, media organizations, and personal sites—were defaced and rendered inaccessible. Attackers replaced homepage content with an image of former Georgian President Mikheil Saakashvili accompanied by the phrase "I'll be back," referencing Saakashvili's exile in Ukraine amid criminal charges in Georgia. Concurrently, two national television broadcasters, Imedi TV and Maestro, were temporarily forced offline. Government websites affected included those of Georgia’s general jurisdiction courts and the official page of President Salome Zurabishvili. Critical national infrastructure systems were not compromised.

Proservice initiated response efforts immediately upon detecting the attack, collaborating with Georgia’s Ministry of Internal Affairs and cybersecurity experts to restore services. By 8:00 PM local time on October 28, over 50% of the affected websites had been recovered, with restoration work continuing overnight and projected for completion by the following day. The company issued a public statement acknowledging the incident as one of the largest cyber attacks in Georgia’s history and apologized to customers for the disruption. While no group claimed responsibility, cybersecurity analysts noted similarities to the 2008 Russo-Georgian conflict cyber attacks, which had been linked by some reports to Russian state-affiliated actors. Georgia’s interior ministry opened an investigation but did not publicly attribute the attack. The incident highlighted vulnerabilities in Georgia’s digital infrastructure, particularly the cascading impact of compromising a single hosting provider, while underscoring geopolitical tensions surrounding Saakashvili’s political legacy.
