Largest Cyber-Attack in Georgia’s History Linked to Hacked Web Hosting Provider (Oct 28, 2019)
Georgia has stated that it was the target of the largest recorded cyberattack in the nation’s history, in which over 15,000 websites were compromised. The attack impacted various banks, courts, newspapers, government agencies, and TV stations, with at least two television stations taken off the air. Following the attack, Pro-Service, a Georgian web hosting provider, announced that it was the affected company. Pro-Service stated that the actor was able to breach its network and take down a significant number of customer websites. In this attack, the original contents of the affected websites were replaced with the attackers’ own content. The attackers consistently posted images of former Georgian President Mikheil Saakashvili with the overlay text, “I’ll be back.”
Recommendation: The significant scope of this attack appears to indicate Advanced Persistent Threat (APT) activity due to the specificity in targeting one country. Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.