Cyber Incident Victim: President Salome Zourabichvili
Date: Oct 2019
Location: Georgia
Summary
A massive cyber-attack targeted Georgia, temporarily disabling two TV broadcasters and defacing thousands of websites. The compromised sites, ranging from personal and business pages to government and media outlets including the president's official site, displayed images of former president Mikheil Saakashvili with a banner stating "I'll be back." Additionally, a major web hosting provider reported that approximately 15,000 websites it hosted were affected in the attack, with restoration efforts underway.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 28, 2019, a large-scale cyber-attack commenced against numerous targets within Georgia, with the initial disruption reported at dawn. The assault immediately impacted two major Georgian television broadcasters, Imedi TV and Maestro, temporarily taking their operations offline. Concurrently, a significant number of websites were defaced and subsequently taken offline, encompassing a wide range of sectors including personal sites, local newspapers, business pages, and government portals. Among the government sites affected were those belonging to Georgia's general jurisdiction courts and the official website of Georgian President Salome Zourabichvili. The attackers replaced the home pages of these defaced sites with images of former President Mikheil Saakashvili, who faces criminal charges in Georgia and resides in self-imposed exile in Ukraine, alongside a banner stating "I'll be back." A primary vector of the attack was identified as a Georgian web hosting provider, Proservice, where a server housing websites for state agencies, private sector entities, and media organizations was targeted. This resulted in approximately 15,000 subscriber websites hosted on that server crashing.

Proservice responded by issuing a public statement acknowledging the attack as one of the largest ever against Georgia's cyberspace. The company confirmed it was working with the Ministry of Internal Affairs and cybersecurity experts to repel the attack and restore services. By 8:00 PM on the day of the attack, Proservice reported that more than 50% of the web pages hosted on its affected servers had been restored. The company stated that restoration work would continue throughout the night and aimed to have all web pages fully restored by the end of the following day. While the attack's scale and targeting of government and media entities drew comparisons to the 2008 cyber campaign during the Russo-Georgian conflict, Georgia's interior ministry had only just begun its official investigation into the specific perpetrators and methods behind the October 2019 incident at the time of reporting. The article noted that critical national infrastructure appeared to have been spared from the disruption.
