Language switcher

You are here

Information about cyber attacks in Georgia, sent by CERT Estonia experts from Georgia

CERT Georgia is part of the GRENA, Georgian Research and Educational Networking Association, so it is basically typical university CERT. During the attacks that started on the 8th of August, the CERT Georgia started to function as national CERT and coordinated attack mitigation. CERT France and CERT Poland helped them in attack mitigation by off-loading communication and abuse notification. At the moment there are two CERT Estonia experts in Georgia, assisting the locals.

Banking

The Central bank of Georgia has ordered all banks to stop offering electronic services, this order is still effective.

Georgia’s biggest bank TBC was under attack starting from early morning of the 9th of August. According to the system administrator of the bank, they made some configuration changes and are quite sure, that they can survive when they go back on-line.

Internet Service providers

According to Caucasus, Internet connection problems caused by redirecting traffic may have affected smaller Internet providers, also routing problems may have escalated because of the physical disconnections (cable runs through the zone of war activity). Additional information suggests that the problems with routing were a little bit more complicated than it was visible from inside country.

Caucasus is building the direct link to the West-Europe, the fiber-optic cable through the Black Sea has almost completely been installed.

The router of Internet Service provider UTG was unavailable and incapable of providing service. At the moment the service is up again.

Right now Internet is functioning quite well, the mobile network still has some issues.

Most of the sites under attack have been temporarily moved to the other locations outside of the Georgia. Some examples: news site Interpress (http://www.interpress.ge) has been moved to hosting company Servage, Tulip is hosting Ministry of Defence (http://www.mod.gov.ge) and presidents site (http://www.president.gov.ge). News portal Civil (http://www.civil.ge) and Ministry of Foreign Affairs (http://www.mfa.gov.ge) are hosted in Estonia.

Affected sites

Among others were affected by DDoS:

Among others were defaced:

More news on the same subject

10.08.2020

Estonian Information System Authority Calls for Businesses to Report Cyber Attacks

The Estonian Information System Authority (in Estonian Riigi Infosüsteemi Amet, RIA) has issued a call for local businesses to report cyber incidents because it is the only way for the government to acquire a comprehensive overview of the threats present in the Estonian cyberspace and offer effective solutions to mitigate them.

14.07.2020

Ransomware attacks have become more brutal

The review of the cyberspace of the Information System Authority (RIA) in the second quarter shows that the tactics of ransomware attacks have become increasingly brutal, because in addition to encrypting data, it is also stolen and threatened to be disclosed.