Four years after the IT services of Estonian ministries, including the Ministry of Foreign Affairs, were subjected to cyberattacks, Tallinn has identified employees of the Russian military intelligence unit 29155 (GRU) as the perpetrators. This was announced by the Estonian Prosecutor's Office, reports UNN citing Euractiv.
This is the first time the Baltic country has attributed a cyberattack targeting a state to the perpetrator, the statement said.
“The prosecutor's office has sought the arrest of the three GRU officers and they are internationally wanted on the basis of an arrest warrant issued by Harju County Court,” the Estonian Foreign Ministry said in a press release.
Attribution is a very sensitive part of any cyberattack investigation. By their very nature, it is difficult to link them to a person and determine whether the person behind the attack was acting on behalf of the state. But bringing the perpetrators to justice is equally difficult.
The attribution of the attack to Russian services is the result of a national and international investigation involving 10 countries, Estonian Foreign Minister Margus Cahkna said in a statement.
The investigation “revealed that Russia's goal was to damage the nation's computer systems, obtain sensitive information, and strike at our sense of security.” Investigators concluded that the attacks were “malicious and deliberate,” the statement said.
“Establishing attribution in cyberspace is not an easy task, but today we can clearly show that we can do it, and we will continue to identify those responsible for attacks against us in the future,” added Tanel Sepp, Director General of Cyber Diplomacy at the Foreign Office.
In parallel, the US Department of Justice published an indictment alleging that GRU hackers attempted to gain access to Ukrainian government systems in an attempt to obtain information related to the war in Ukraine.