Cyber Incident Victim: Proservice

On October 28, 2019, a large-scale cyber attack disrupted multiple entities in Georgia, primarily affecting web infrastructure and broadcast media. The incident began with coordinated defacements targeting websites hosted by Proservice, a Georgian web hosting provider, ultimately impacting approximately 15,000 sites. Attackers replaced homepage content with an image of former Georgian President Mikheil Saakashvili—who faces criminal charges in Georgia and resides in exile—alongside the phrase "I'll be back." Affected sites spanned personal, business, local newspaper, and government domains, including the websites of Georgia’s general jurisdiction courts and President Salome Zurabishvili. Concurrently, two major television broadcasters, Imedi TV and Maestro, experienced temporary outages, though critical national infrastructure systems remained operational throughout the incident.

Proservice initiated restoration efforts immediately following the attack, announcing by 8:00 pm local time on October 28 that over 50% of affected web pages had been restored, with full recovery anticipated by the end of October 29. Georgia’s interior ministry launched an investigation into the incident but did not publicly identify suspects or disclose technical details of the intrusion. Cybersecurity experts cited in media reports, including Professor Alan Woodward and Jonathan Knudsen, assessed the attack’s scale and political symbolism as indicative of potential nation-state involvement. No group claimed responsibility, and the investigation yielded no conclusive attribution at the time of reporting. The incident highlighted vulnerabilities in media and hosting provider infrastructure, though no data theft or secondary disruptions beyond the initial defacements and outages were documented.