[BreachExchange] Largest cyber-attack in Georgia's history linked to hacked web hosting provider

Destry Winant destry at riskbasedsecurity.com
Wed Oct 30 10:03:58 EDT 2019


https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/

The country of Georgia suffered a massive cyber-attack today during
which over 15,000 websites were defaced and later taken offline.

The attack, considered by local press the biggest in the country's
history, impacted the sites for various government agencies, banks,
courts, local newspapers, and TV stations.

Pro-Service, a local web hosting provider, has stepped forward to take
the blame for the issue, admitting that a hacker breached its network
and took down customer websites, effectively causing today's outage.

The web host said the attack took place early in the morning, and that
by 8 pm, local time, staff had recovered more than half of the
impacted sites.

PANIC IN GEORGIA

Today's cyber-attack caused quite a panic in the small Caucasian
country, although the attack wasn't particularly sophisticated.

In cyber-security terms, this is a classic "website defacement," a
type of hack where attackers replace the website's original content
with their own content, usually for a particular cause.

In today's hacks, the attackers posted an image of former Georgian
President Mikheil Saakashvili, with the text "I'll be back" overlaid
on top (see image above).

Saakashvili, known for his fierce pro-Western agenda, is now a
Ukrainian citizen, after leaving Georgia in 2013, citing a political
witch-hunt on corruption charges. During his two consecutive terms as
president, he was viewed as a reformer and anti-corruption fighter and
still has a positive image inside Georgia.

While we don't have exact technical details on how hackers breached
Pro-Service and defaced all sites, some sites were hit harder than
others.

For example, at least two television stations (TV Imedi and TV
Maestro) went off-the-air following the attacks, according to a
Facebook post from Irakli Chikhladze, TV Imedi head of news.

TV channel Pirveli was also affected but did not go off-the-air. Some
newspaper sites are still offline at the time of writing, according to
some cursory checks by ZDNet.

A Pro-Service spokesperson could not be reached by phone for
additional details about the attack, although the company has been
updating its website periodically with new information.

The culprit behind the attacks has not yet been identified; however,
authorities said they started an investigation.

SIMILARITIES TO 2008 RUSSIAN CYBER-ATTACKS

But today's attack is not unique. During the five-day Russo-Georgian
War of 2008, Georgia saw a series of similar attacks.

For example, Russian hackers used BGP hijacking to reroute Georgian
internet traffic through servers in Russia, defaced government
websites, and hacked TV and radio stations.

Many Georgians were quick to link or liken today's mass-defacement to
the 2008 hacks, although there is no evidence to support such theories
-- for the time being.

