Yahoo News British spies blame Russian 'Sandworm' unit for cyber attack on Georgia
Security services have blamed the Russian intelligence 'Sandworm' unit for cyber attack on Georgia, amid fears it could be the start of a wider destabilisation campaign.
The Foreign Secretary Dominic Raab described the online assault, which downed the Caucus state’s national broadcasters and websites in October, as “reckless and brazen”.
Georgia today took the usual step of publicly attributing the attack to Russia and has been swiftly backed by the UK and US, with other nations expected to issue statements of support later today.
In a statement, Mr Raab said: “The GRU’s reckless and brazen campaign of cyber attacks against Georgia, a sovereign and independent nation, is totally unacceptable.
“The Russian Government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law.
“The UK will continue to expose those who conduct reckless cyber attacks and work with our allies to counter the GRU’s menacing behaviour.”
The attack in October knocked out a number Georgian national broadcasters and defaced more than 2,000 websites, including Government and court pages.
Some of the websites had their home pages replaced with an image of former President Mikheil Saakashvili, and the caption "I'll be back".
Following the attack, the Telegraph understands the UK supported Georgian operatives in tracing that hack’s origin. Today the National Cyber Security Centre, the public arm of GCHQ, said was "almost certain" to a probability of 95 percent, that the cyber attacks were carried out by the GRU.
For the first time the UK Government also publicly named and condemned the GRU Sandworm unit believed to be behind the disruption. The programme is operated by the GRU’s Main Centre of Special Technologies, often referred to as its field post number 74455.
The Sandworm unit is also believed to be behind a series of disruptive attacks in the Ukraine between 2015 and 2017, including shutting down its electricity grid causing outages for more than 200,000 people as well as disrupting the Kyiv metro and Odessa airport with malware assaults.
The Telegraph understand UK security services are concerned that the October attack on Georgia could be the start of a similar campaign of infrastructure assaults aimed at destabilising its government.
US secretary of State Mike Pompeo echoed the UK's stance, "condemning Russia’s cyber attack" against the "people and institutions" of Georgia.
We stand with #Georgia in condemning Russia’s cyber attack against its people and institutions. Russia must immediately cease this behavior in Georgia and elsewhere. The stability of #cyberspace depends on the responsible behavior of all nations. https://t.co/4RnWrSOlBp
— Secretary Pompeo (@SecPompeo) February 20, 2020
The Telegraph has launched a five-part series of long reads exploring Britain's security in the 21st Century.
