Russia's GRU blamed for cyberattacks against Georgia.
The US State Department and the UK's National Cyber Security Centre (NCSC) have stated that Russia's GRU was behind thousands of website defacements that targeted the country of Georgia in October 2019. The attacks involved some 15,000 Georgian websites being temporarily knocked offline after being defaced with an image of the country's former president, Mikheil Saakashvili, accompanied by the text "I'll be back."
US Secretary of State Mike Pompeo said on Thursday that the incident "contradicts Russia’s attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries." The NCSC stated that "the GRU conducted these cyber-attacks in an attempt to undermine Georgia’s sovereignty, to sow discord and disrupt the lives of ordinary Georgian people." The Australian government also released a statement condemning the attacks, saying "We will not stand by when cyberspace is used to destabilise democracies, undermine institutions or disrupt critical infrastructure." The Georgian government said the cyberattack "runs counter to the principles and norms of international law and represents another breach of Georgia's sovereignty against the country's European and Euro-Atlantic integration and democratic development."
In their statements, the US and UK also formally attributed the Sandworm threat group (also known as BlackEnergy Group, Telebots, and Voodoo Bear) to the GRU's Main Centre of Special Technologies (GTsST), also known by its field post number as Unit 74455. According to the NCSC, this unit was responsible for the BlackEnergy and Industroyer/CrashOverride attacks against Ukraine's electricity grid in 2015 and 2016, as well as the NotPetya and BadRabbit attacks in 2017. The NCSC notes that the operation against Georgia marks "the first significant example of the GRU using cyber-attacks to disrupt or destroy since late 2017."
It's worth noting that Saakashvili, whose image was used in the attacks, was a staunchly pro-Western president, so it's unlikely that the GRU was seeking to prop him up. Rather, as Khatuna Mshvidobadze told WIRED, the attacks were most likely a false flag operation designed to sow division within the country (and in this, it seems they were successful, according to ZDNet).