Kyivstar experienced a large-scale failure, which led to the shutdown of mobile communications and the internet for about 24 million subscribers for several days in December 2023.
How? Russian hackers penetrated the system of the Ukrainian telecommunications giant back in May 2023.
JOIN US ON TELEGRAM
Follow our coverage of the war on the @Kyivpost_official.
In an interview with Reuters, the head of the cyber security department of the Security Service of Ukraine (SBU), Ilya Vityuk, said that this attack’s objectives were to inflict a psychological blow to the public and obtain intelligence information.
“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” said Vityuk.
The attack destroyed “almost everything,” including thousands of virtual servers and PCs, he said. Reuters writes that this is probably the first example of a destructive cyberattack that destroyed the core of a telecommunications operator. This happened even though Kyivstar invested heavily in cyber security.
During the investigation, the SBU found that hackers probably tried to break into Kyivstar in March or earlier.
“Now we can say [with certainty] that they were in the system at least since May 2023,” he said. “I cannot say right now, from when they had... full access: probably at least since November.”
He doesn’t rule out that Russian hackers could have stolen personal information, located phones, intercepted SMS messages, and possibly stolen Telegram accounts during the attack.
What if Russia Wins?
Kyivstar claims that customer data was not compromised, counter to the SBU assessment of possible breaches.
The SBU also reported that after the provider's operation was restored, there were still attempts at cyberattacks to cause more damage.
It’s currently difficult to investigate the incident due to the destruction on the provider’s system. But the SBU believes the attack may have been carried out by a group of Sandworm hackers, a unit of Russian military intelligence for cyber warfare.
Vityuk said SBU investigators are still working to establish how Kyivstar was hacked and what type of software or apps could have been used in the hack to infiltrate the system, adding that it could have been phishing, insider help, or something else.
Vityuk says that the cyberattack didn’t have much impact on the Ukrainian Armed Forces (AFU), which does not rely on consumer-level communication providers and uses what he called “different algorithms and protocols.”
“[Regarding] drone detection, and missile detection, luckily, no, this situation didn’t affect us strongly,” he said.
The SBU warns that this may not be the last attempt by Russian hacker attacks on mobile operators in Ukraine.
You can also highlight the text and press Ctrl + Enter