The United States and its key allies on Thursday accused Russia's main military intelligence agency of a broad cyberattack against the Republic of Georgia in October that took out websites and interrupted television broadcasts, in a coordinated effort to deter Moscow from interfering in the U.S. presidential election.
Secretary of State Mike Pompeo and the Pentagon said in statements that the Russian military intelligence agency known as the GRU had carried out the attack.
Pompeo's statement specifically blamed a Russian hacking unit known as Sandworm, tying it for the first time to the GRU. Sandworm is a notorious Russian hacker group, which is believed to be responsible for some of the most brazen cyberattacks around the world over the past decade.
"This action contradicts Russia's attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyberoperations against a number of countries," Pompeo said. "These operations aim to sow division, create insecurity, and undermine democratic institutions."
Pompeo said the United States called on Russia to cease the behavior and pledged to help Georgia protect against future cyberattacks.
"The U.S. Government position has been clear, we will defend our partners' and allies' core interests and hold the Russian Federation accountable for these destabilizing activities," said the statement by Air Force Lt. Col. Carla Gleason, a Pentagon spokeswoman.
The GRU was one of the agencies implicated in a 2017 attack that struck major companies around the world, including Merck, Federal Express and Maersk. That attack is considered one of the most destructive and expensive in history, causing billions of dollars in damage.
HOUSE BRIEFING
In Washington, intelligence officials warned House lawmakers last week that Russia was interfering in the 2020 campaign to try to get President Donald Trump reelected, five people familiar with the matter said.
The day after the Feb. 13 briefing to lawmakers, Trump berated Joseph Maguire, the outgoing acting director of national intelligence, for allowing it to take place, people familiar with the exchange said.
During the briefing to the House Intelligence Committee, Trump's allies challenged the conclusions, arguing that Trump has been tough on Russia and strengthened European security.
The president announced Wednesday that he was replacing Maguire with Richard Grenell, the ambassador to Germany and long an aggressively vocal Trump supporter.
Though some current and former officials speculated that the briefing may have played a role in the removal of Maguire, who had told people in recent days that he believed he would remain in the job, two administration officials said the timing was coincidental. Grenell had been in discussions with the administration about taking on new roles, they said, and Trump had never felt a personal kinship with Maguire.
Spokeswomen for the Office of the Director of National Intelligence and its election security office declined to comment. A White House spokesman did not immediately respond to requests for comment.
A House intelligence committee official called the Feb. 13 briefing an important update about "the integrity of our upcoming elections" and said that members of both parties attended, including Rep. Devin Nunes of California, the top Republican on the committee.
Pompeo's statement Thursday was backed up by simultaneous accusations from Britain, Australia and a host of European nations, all lending credence to the American conclusion that Russia's Main Center for Special Technology, a unit with the GRU, was responsible.
A senior administration official, who spoke on the condition of anonymity because he was not authorized to discuss the decision to name Russia, said it was notable that the accusation came from Pompeo.
The official said the announcement was specifically meant as a warning to the Kremlin. It mirrors the National Security Agency's move in 2018 to briefly shut down the Internet Research Agency, another Russian unit that operates outside the formal government structure and that had been involved in the attacks related to the last presidential election.
The decision to name the GRU, and its special cyberunit in particular, was part of a new strategy of calling out attackers in hopes of preventing future strikes, the official said.
But it is far from clear that the administration's new "name and shame" effort, along with criminal prosecutions and counterattacks on Russian cyberunits, is successfully deterring attacks. Members of the GRU were indicted in 2018 by former special counsel Robert Mueller as part of his investigation into Russian election interference.
The attack in Georgia took place last fall, a year later, and involved techniques that American officials have been studying to determine if they might be used against the United States in the coming election.
RUSSIAN DENIALS
Neither the United States nor its allies released any evidence used to establish how they tied the attacks to the GRU. The Russian Foreign Ministry denied that Moscow was behind the assault. "Russia did not plan and is not planning to interfere in Georgia's internal affairs in any way," said the deputy foreign minister, Andrey Rudenko, according to the news site RIA.
For years, Russia has tormented neighboring countries with targeted cyberattacks, including orchestrating two blackouts in Ukraine and broad online assaults on Estonian institutions. There were cyberattacks on Georgia in 2008, as part of a hybrid action in which Russia took control of some Russian-speaking parts of the country. It retains that control today.
The United States never formally attributed the cyberelement of those attacks to Russia, though outside experts say it was all part of a unified military operation that, in retrospect, was a crude but effective foreshadowing of Russian operations to come.
Trump has never publicly called out Russia for its cyberoperations. During the 2016 presidential debates, he argued that it was impossible to determine where a cyberattack originated -- though that is exactly what his intelligence agencies and the State Department did on Thursday in the Georgia case.
Pompeo pledged to support Georgia and other nations threatened by cyberaggression from Russia. "The United States calls on Russia to cease this behavior in Georgia and elsewhere," he said. "The stability of cyberspace depends on the responsible behavior of nations."
John Hultquist, the director of intelligence analysis at the cybersecurity firm FireEye, said it was significant that Pompeo had officially tied Sandworm hackers to GRU Unit 74455. The Justice Department has previously said that 74455 took part in the hacking of the Democratic National Committee and Hillary Clinton's campaign in 2016.
Britain said in a separate statement that its national cybersecurity center had assessed "with the highest level of probability" that the attack was carried out by Russia and called it "part of Russia's long-running campaign of hostile and destabilizing activity against Georgia."
"The GRU's reckless and brazen campaign of cyber attacks against Georgia, a sovereign and independent nation, is totally unacceptable," said British Foreign Secretary Dominic Raab.
The Australian government also issued a statement condemning the "malicious cyber activity by Russia targeting the state of Georgia in October last year."
Senior Georgian officials expressed thanks for the support.
"Last October, #Georgia suffered a reckless cyber attack affecting state, media & business entities," Georgian Prime Minister Giorgi Gakharia said in a tweet. "This was an intolerable act attempting to undermine our sovereignty. We deeply appreciate the vocal support from our partners & allies around the world."
THANKS FROM PUTIN
Meanwhile, Russian President Vladimir Putin on Thursday hailed the FBI for providing information that helped thwart a terror attack by adherents of the Islamic State group in St. Petersburg during the New Year's holidays.
Speaking at a meeting with senior officials of the Federal Security Service, the top KGB successor agency, Putin said that "we are thankful to our partners for their support and professional solidarity in countering the common threat."
He added that "we will naturally respond in kind."
The Federal Security Service in December announced the detention of two Russian men who confessed to plotting the terror attacks in St. Petersburg.
Putin then called Trump to thank him for the tip.
In December 2017, Putin similarly thanked Trump for CIA information that helped thwart a series of bombings in St. Petersburg. The Kremlin said then that the CIA tip led the security service to nab suspects who planned to attack St. Petersburg's Kazan Cathedral and other crowded sites.
Russia-U.S. ties have sunk to post-Cold War lows after Russia's 2014 annexation of Crimea, but Moscow and Washington have pledged to continue counterterrorism cooperation.
Information for this article was contributed by David E. Sanger, Marc Santora, Adam Goldman, Julian E. Barnes, Maggie Haberman and Nicholas Fandos of The New York Times; and by Dan Lamothe of The Washington Post.
A Section on 02/21/2020