UK blames Russia's GRU for cyber attacks targeting Georgia

UK accuses Russia of being behind a string of cyber attacks on neighbouring states

The UK has accused Russia's military intelligence service of masterminding cyber attacks last year on neighbouring Georgia.

The GRU, according to the National Cyber Security Centre (NCSC), was behind a campaign of attacks on a range of Georgian hosting providers in October last year, as part of a "long-running campaign of hostile and destabilising activity against Georgia".

The statement today accuses Russia's government of conducting the campaigns "in an attempt to undermine Georgia's sovereignty, to sow discord and disrupt the lives of ordinary Georgian people". Under its Professional Development Framework for All-Source Intelligence Assessment [PDF], the NCSC claims that it is 95 per cent certain that Russia was behind the attacks.

Foreign secretary Dominic Raab described the GRU's campaign as "reckless and brazen" and "totally unacceptable".

He continued: "The Russian government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law. The UK will continue to expose those who conduct reckless cyber-attacks and work with our allies to counter the GRU's menacing behaviour."

The particular group behind the Georgia attacks are known variously as the Sandworm team, BlackEnergy, Telebots, or VoodooBear [Google Docs spreadsheet].

The NCSC claims that this is the first example of GRU cyber attacks against a neighbouring state since a wave of cyber attacks against Ukraine between 2015 and 2017. These coincided with a campaign of military separatism in Ukraine's east, fuelled by Russian government arms, covert military assistance and funding. That followed on from the annexation of the Crimea by Russia in 2014.

According to the NCSC, this particular unit of the GRU was responsible for: