The country of Georgia suffered a massive cyber-attack today during which over 15,000 websites were defaced and later taken offline.
The attack, considered by local press the biggest in the country's history, impacted the sites for various government agencies, banks, courts, local newspapers, and TV stations.
Pro-Service, a local web hosting provider, has stepped forward to take the blame for the issue, admitting that a hacker breached its network and took down customer websites, effectively causing today's outage.
The web host said the attack took place early in the morning, and that by 8 pm, local time, staff had recovered more than half of the impacted sites.
Panic in Georgia
Today's cyber-attack caused quite a panic in the small Caucasian country, although the attack wasn't particularly sophisticated.
In cyber-security terms, this is a classic "website defacement," a type of hack where attackers replace the website's original content with their own content, usually for a particular cause.
In today's hacks, the attackers posted an image of former Georgian President Mikheil Saakashvili, with the text "I'll be back" overlaid on top (see image below).
Saakashvili, known for his fierce pro-Western agenda, is now a Ukrainian citizen, after leaving Georgia in 2013, citing a political witch-hunt on corruption charges. During his two consecutive terms as president, he was viewed as a reformer and anti-corruption fighter and still has a positive image inside Georgia.
While we don't have exact technical details on how hackers breached Pro-Service and defaced all sites, some sites were hit harder than others.
For example, at least two television stations (TV Imedi and TV Maestro) went off-the-air following the attacks, according to a Facebook post from Irakli Chikhladze, TV Imedi head of news.
TV channel Pirveli was also affected but did not go off-the-air. Some newspaper sites are still offline at the time of writing, according to some cursory checks by ZDNet.
A Pro-Service spokesperson could not be reached by phone for additional details about the attack, although the company has been updating its website periodically with new information.