
Cyber Incident Victim: Imedi TV

Date: Oct 2019

Location: Georgia

Summary

A cyber attack targeted multiple entities in Georgia, including Imedi TV and Maestro broadcasters, temporarily disrupting their operations and defacing approximately 15,000 websites hosted by provider Proservice. Affected sites displayed an image of former President Mikheil Saakashvili with the message "I'll be back," impacting government portals, courts, private businesses, media outlets, and the president's site. While critical infrastructure remained unaffected, the scale prompted speculation of state-sponsored involvement, though official attribution remained under investigation. The incident drew comparisons to prior attacks on Georgian digital infrastructure, with experts highlighting the geopolitical implications of such coordinated disruptions targeting media and public sector entities.


Description

On October 28, 2019, a coordinated cyber attack disrupted multiple entities in Georgia, including television broadcasters, government websites, and private sector platforms. The attack began at dawn, targeting Imedi TV and Maestro TV broadcasters, temporarily taking both offline. Simultaneously, attackers compromised Proservice, a major Georgian web hosting provider, leading to the defacement of approximately 15,000 websites hosted on its servers. Affected sites included government portals such as the general jurisdiction courts and the official website of Georgian President Salome Zurabishvili, alongside personal blogs, business pages, and local newspaper domains. Defaced websites displayed an image of former President Mikheil Saakashvili—wanted in Georgia on criminal charges and residing in Ukraine—with the superimposed message "I'll be back." While the attack caused widespread disruption to media and public-facing services, critical national infrastructure systems remained unaffected. The scale of the incident drew immediate comparisons to the 2008 cyber attacks against Georgia, which had involved traffic rerouting through Russian and Turkish servers and were later linked to Russian military intelligence units.


Proservice confirmed the attack on its own website, stating it was repelling "one of the largest cyber-attacks on the cyber space of Georgia" and collaborating with the Ministry of Internal Affairs and cybersecurity experts to restore services. By 8:00 p.m. local time on October 28, over 50% of the affected websites had been recovered. Georgia’s interior ministry launched an investigation into the incident but did not publicly attribute responsibility. Cybersecurity analysts, including a University of Surrey professor, noted that the attack’s scale and selective targeting of media and government entities suggested potential state sponsorship, though no conclusive evidence was provided. Media coverage highlighted geopolitical tensions surrounding Saakashvili’s legacy and historical Russian interference in Georgian cyberspace, though officials avoided explicit accusations. The incident underscored vulnerabilities in web hosting infrastructure, with immediate operational impacts on public communications and longer-term concerns about election security amid the approaching U.K. general election.
