In a rare public announcement, the State Department is formally blaming Russian intelligence for a cyber incident that disrupted thousands of websites in Georgia last year.
The incident, carried out by the Russian General Staff Main Intelligence Directorate (GRU) last October, according to Secretary of State Mike Pompeo, disrupted and defaced thousands of Georgian government websites and the broadcast of two television stations.
“This action contradicts Russia’s attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries,” Pompeo said in a statement Thursday. “These operations aim to sow division, create insecurity, and undermine democratic institutions.”
Thursday’s announcement was the first time the U.S. government connected the GRU to the hacking group known as Sandworm. The U.S. government has previously said Sandworm was responsible for the NotPetya worm and Olympic Destroyer attacks.
The rare reprimand from the State Department comes just as the U.S. intelligence community braces for possible foreign interference in the 2020 presidential elections and seek to halt any possible operations targeting campaigns. The hacking group known as APT28, responsible for the 2016 breach of the Democratic National Committee, has also been linked with the GRU.
To date, the intelligence community has found no evidence that foreign adversaries have been working to “prevent voting or change votes” this cycle, according to the FBI Director Christopher Wray, the director of the Department of Homeland Security’s cybersecurity agency Christopher Krebs and other top Trump administration officials.
As part of a recognition that the same tactics and techniques Russia uses against neighboring countries could be used against the U.S., the U.S. military has recently been working with partnering countries abroad to root out Russian and adversarial malware. In preparation for the 2018 midterm elections, for example, Cyber Command sent personnel to Montenegro, North Macedonia, and Ukraine.
Cyber Command, for its part, sent cyber personnel to Montenegro last year, which itself has been the victim of Russian cyberattacks in recent years. That mission was completed last fall, a Cyber Command official told CyberScoop.
Russian designs against Georgia
Following work with international partners and investigations conducted by Georgian authorities, Georgia’s Ministry of Foreign Affairs likewise attributed the attacks to Russia on Thursday.
“As a result of cyberattack … servers [and] management systems were damaged and their functioning was significantly hindered,” the MFA said in a statement. “Georgia condemns the cyberattack, which runs counter to the principles and norms of international law and represents another breach of Georgia’s sovereignty against the country’s European and Euro-Atlantic integration and democratic development.”
Cyber Command declined to comment on whether it participated in attribution. The FBI didn’t immediately return request for comment.
Technical assistance to Georgia
Pompeo admonished Russia to stop targeting Georgia and other victims around the world to restore “the stability of cyberspace.”
“We, together with the international community, will continue our efforts to uphold an international framework of responsible state behavior in cyberspace,” Pompeo said.
In the meantime, the U.S. government will be putting its weight behind protecting Georgia against Russia’s nefarious goals, and offering additional capacity building and technical assistance, according to Pompeo.