Estonia names Russia’s military intelligence in a first-ever attribution of cyberattacks

Today 5 September, Estonia attributed the 2020 cyberattacks against Estonia to the members of Unit 29155 of Russia’s military intelligence (GRU). It is the first time in history that Estonia has attributed cyberattacks against the state to the perpetrator of the attacks. The Prosecutor’s Office sought the arrest of three GRU officers and they are wanted internationally based on the arrest warrant issued by the Harju County Court. Estonia’s security agencies also provided support for an US investigation in connection with more extensive cyberattacks.

“Estonia condemns any malign activity, including cyberactivity that threatens our institutions, our citizens and our security. Both a national and an international investigation that included 10 countries showed that Russia’s aim was to damage national computer systems, obtain sensitive information and strike a blow against our sense of security,” Foreign Minister Margus Tsahkna said, adding that Russia’s actions were malign and premeditated and Russia must be held accountable.

 “Estonia was not the only target, unfortunately our Allies and partners, including Ukraine, were also hit. One of the main aims of Russia has been to destroy Ukraine, both in cyberspace as well as on the conventional battlefield, and deter Ukraine’s supporters,” Tsahkna said. He affirmed that we will remain unmoved by this and in cooperation with our international partners, we will continue reinforcing our safety, security and values. “Estonia also advocates for all states respecting international law in cyberspace. An open, stable and secure cyberspace is the foundation of the success story of Estonia’s digital society,” the minister said.

Tanel Sepp, Director General of the Cyber Diplomacy Department of the Ministry of Foreign Affairs, said that with this attribution, we are sending a clear signal that cyberspace is not lawless by nature. “Attribution in cyberspace is not an easy task but today we can clearly show that we can to this and we will continue identifying the perpetrators of attacks against us in the future,” Sepp said, adding that our cooperation with partners will be equally effective.

Joint press release by the Prosecutor’s Office, Estonian Internal Security Service, and the Police and Border Guard Board: https://www.prokuratuur.ee/en/news/gru-military-unit-launched-cyberattacks-against-estonian-authorities

Statement by the United States of America on the cyberattacks: https://www.justice.gov/live

BACKGROUND: In November 2020, three Estonian ministries were hit by cyberattacks and they were processed by the Prosecutor’s Office and other relevant agencies. The Information System Authority of Estonia identified three criminal attacks against Estonia’s national IT infrastructure, and one involved the servers of the Foreign Ministry’s external websites www.MFA.ee and www.vm.ee and their services.

The attribution of the cyberattack comes from the decision of an attribution working group led by the Ministry of Foreign Affairs, informed by the results of an international and national investigation.