Become an OC Media Member

Support independent journalism in the Caucasus: Join today

Become a member

Georgia hit by massive cyber attack

28 October 2019
An image of former President Mikheil Saakashvili was displayed on many of the hacked websites.

Around 15,000 websites in Georgia including those of major government institutions, broadcasters and online newspapers, and private businesses have been hit by a large-scale cyber attack.

Websites affected included those of TV channels Imedi, Maestro, and Pirveli, the National Bank of Georgia, the president’s office, and online news outlets Tabula and Georgia Today.

The attack began on Monday morning with more sites being hit throughout the day. 

Most of the hacked websites went offline or displayed a sliding image of a smiling former Georgian President Mikheil Saakashvili with the text: ‘I’ll be back’. 

Roman Gotsiridze, an MP from Saakashvili's United National Movement Party (UNM), insisted a ‘troll factory’ allegedly run by the government was behind the hackings.

‘This was done so that someone could say that the UNM or Misha did it from Ukraine’, Gotsiridze told the Public Broadcaster.

[Read on OC Media: Facebook trolls and fake news pages: the new ‘enemies’ of Georgian democracy]

TV Imedi’s head of news Irakli Chikhladze wrote on Facebook at around 15:30 that the network was down and they could not get any signal, adding that TV channel Maestro was in a similar situation, ‘allegedly, a result of a cyber-attack’. 

Several minutes later, TV Maestro posted on Facebook confirming that they had ceased broadcasting due to a cyber attack and that their IT department was working on the issue. 

At around 17:20, the websites of the Georgian National Bank and those of online news outlets Tabula and Georgia Today became inaccessible. 

Tabula told OC Media they did not know the details but ‘probably, it was a cyber-attack’. 

Later that day, Georgian online news outlet Newposts also said they had been affected. 

Andro Gotseridze, a cybersecurity consultant and former chief of the defence ministry’s cybersecurity bureau, told OC Media it was difficult to ascertain who was behind such attacks.

‘This is a website defacement type of hacking, not very technically sophisticated but massive [in scale]. These sorts of cyberattacks usually do not incur substantial material damage but they are used for ideological purposes.’ 

‘Attributing a cyberattack is very difficult but considering who could benefit from this, one shouldn’t rule out that it came from outside Georgia. In any case, the state should pay more attention to the security of websites and the entire critical infrastructure’, Gotsiridze said.

Davit Asatiani, the Chair of the Georgian Bar Association, responded to the attack on Facebook, writing: ‘Dear hackers, I hope you don’t attack the website of the Georgian Bar Association. Remember that you are going to need our service’

‘Around 15,000 websites hacked’

The initial targets of the attack included dozens of websites belonging to state agencies, media outlets, and non-governmental organisations. The included those of President Salome Zurabishvili, the Appeals Court, the Adjarian Government and other regional entities, watchdog group the Media Development Foundation, and the Free University. 

Several commercial entities were also among those hacked.

Later that day, Georgian news outlet On.ge quoted local hosting provider ProService, the main target of the attack, as saying that 15,000 websites that they host had been affected. They said that by the end of the day, they had managed to restore access to 50% of them.

The Georgian Interior Ministry has launched an investigation into ‘unauthorised access to a computer system’ and ‘Illegal use of computer data and/or computer systems’, which are punishable by up to six years in prison.

In September, the Georgian Public Broadcaster reported a cyber attack against them and a larger attack was reported by TV channel Pirveli in August, something that substantially limited their broadcasting capabilities. 

However, this is the first large-scale and coordinated cyber-attack since the 2008 August War.

This article was last updated at 15:20 on 29 October 2019.