The image of Mikhail Saakashvili used to deface Georgian websites in October 2019.

The US and its allies have claimed Russia's military intelligence defaced Georgian websites with an image of the country's former president. Moscow says the accusation is not backed by any evidence and is clearly just a PR stunt.

In late October last year, Georgia suffered what was described as the largest cyberattack in its history. Over 15,000 web pages - including those of government agencies, newspapers and banks - were defaced and later became inaccessible. The original content was replaced with a photo of former Georgian president Mikhail Saakashvili, currently a fugitive from justice, with the words "I'll be back" above his head.

Many in Georgia immediately blamed the attack on Russia, and lo and behold, more than three months later the accusation is official. The Georgian foreign ministry claimed the GRU, Russia's military intelligence agency, was behind it, citing its own investigation and information from "foreign partners." The partners soon piled on Russia, with the charges repeated by the US, the UK, Canada and some others.

Notably, Russia's accusers were tight-lipped on what evidence they had to support their claims. Neither technical details of the attack nor even a brief explanation of the investigation process were provided. The Russian foreign ministry pointed to this fact as it brushed aside the accusation.

"The lack of evidence and political motivation behind this obviously orchestrated information attack are impossible to miss," it said in a statement. "It took almost four months to make an attempt to scapegoat Russia for the incident that happened on October 28 last year. All the charges are along the lines of the notorious 'highly likely' approach," it concluded, referring to the line used by former UK Prime Minister Theresa May when accusing Russia following the poisoning of Sergei Skripal in 2018.

In the absence of actual proof, people with a record of accusing Russia of various nefarious cyber deeds resorted to speculation. Georgia is "in their neighborhood," said Adam Meyers from the security firm CrowdStrike. "It's in line with Russian tactics. The specific outcome is less important than causing upheaval and conflict between different groups in the country."

CrowdStrike is most famous as the source of the claim that Russia hacked the servers of the DNC during the 2016 presidential race. It was tasked with investigating the situation, and was apparently trusted so much by the Obama administration that the FBI didn't deem it necessary to double-check its assessment.

Washington and its friends said the culprit was the GRU's Unit 74455, which first entered the global spotlight in 2018, after the US Department of Justice indicted three of its presumed employees for hacking the DNC.

Other sins pinned on the unit include unleashing the ransomware NotPetya and its derivative Bad Rabbit in 2017. Like the earlier extortion virus WannaCry, this malware is believed to be based on cyber-warfare tools belonging to the US National Security Agency that were leaked a year earlier. The outbreaks affected computers running an unpatched version of Windows. Among their victims were Russian oil giant Rosneft, metal-maker Evraz and the Russian Central Bank.