Russian intelligence has targeted Georgia’s government and key sectors including infrastructure companies, electricity providers, oil terminals, telecommunication operators, and energy sectors in a series of espionage and hacking campaigns from 2017 to 2020.
Documents accessed by Bloomberg reveal this massive cyber intelligence operation. Georgia, a country of nearly four million people at the crossroads of Europe and Asia, has long been central to the East-West geopolitical struggle.
Russian intelligence services, including the GRU (Russia’s military intelligence) and the FSB, penetrated the heart of Georgia’s state apparatus. The espionage campaign targeted major government departments such as the Foreign Ministry, the Finance Ministry, the Central Election Commission, and core infrastructure sectors.
One of the most alarming aspects of the operation is that it gave Moscow potential access to vital infrastructure systems, including the ability to disrupt electrical substations and telecommunications networks. Documents reveal that hackers linked to the GRU could turn off electrical grids in certain regions and could have interrupted Georgia’s power supply if the government’s direction became unfavourable to Russian interests.
The hacking campaign highlights Russia’s broader geopolitical agenda of weakening pro-Western influences in the region, particularly as Georgia edges closer to EU and NATO memberships.
The tactics employed in Georgia resemble Russia’s previous cyber campaigns aimed at influencing political outcomes in other countries, most notably the United States in 2016. In Georgia, the GRU targeted government agencies, media organisations, and critical companies like the national railway.
The extent of the surveillance suggests that Russian hackers were intent on gathering intelligence and positioning themselves to disrupt Georgia’s infrastructure if necessary.
Among the most sensitive operations was the surveillance of Georgia’s Foreign Ministry by Turla, a notorious hacking group affiliated with the FSB. Turla conducted months-long espionage, pilfering emails and data from top officials, including Georgian ambassadors to the EU and the United States.
The group also monitored employees at the Tbilisi electricity company Telasi through internal cameras, tracking their movements in real-time.
While Georgian officials have acknowledged attempts to hack their systems, responses to specific incidents remain guarded. The Central Election Commission, for instance, confirmed that its servers were targeted in a distributed denial-of-service attack in 2021, though it said this had no impact on its systems.
Other major organisations, such as the state-owned energy company and several media outlets, have either declined to comment or denied the extent of the breaches.
Last month, the US dismantled 32 Russian-linked domains influencing US elections. In August, Russian hackers were caught snooping on media outlets, human rights groups, and important US officials, including a former ambassador.
In July 2024, Russian hackers were targeting Indian political observers in an operation dubbed ShadowCat.