How this Ukrainian telecom company was hit by Russian hackers in one of the biggest cyberattack of war
Russian hackers have hacked the system of Ukraine’s leading telecoms operator, Kyivstar, in a cyberattack that lasted for several days. The attack, which took place in December last year, affected approximately 24 million users and caused significant disruption to services. According to Reuters, the head of Ukraine’s cybersecurity department, Illia Vitiuk, revealed exclusive details about the attack, describing it as “disastrous” and aimed at causing psychological damage and gathering intelligence.
Vitiuk emphasized the importance of this attack as a warning to both Ukraine and the Western world, highlighting that no one is exempt from cyber threats. He noted that Kyivstar, being a wealthy and private company that heavily invested in cybersecurity, was targeted to send a strong message. The attack resulted in the destruction of numerous virtual servers and PCs, making it the first known instance of a cyberattack completely crippling a telecoms operator.
The Security Service of Ukraine (SBU) conducted an investigation and found evidence suggesting that the hackers had been inside Kyivstar’s system since at least May 2023, with full access likely gained in November. Vitiuk stated that the hackers could have potentially stolen personal information, intercepted SMS messages, and gained access to Telegram accounts. However, Kyivstar denied any leakage of personal or subscriber data, stating that they were collaborating with the SBU to investigate the attack and mitigate future risks.
Vitiuk further revealed that the SBU’s prompt response helped Kyivstar restore its systems and fend off subsequent cyberattacks. He acknowledged that the attack had a limited impact on Ukraine’s military, as they relied on different algorithms and protocols for drone and missile detection.
The investigation into the attack is challenging due to the extensive wiping of Kyivstar’s infrastructure. Vitiuk strongly suspected that the Russian military intelligence cyberwarfare unit known as Sandworm was responsible for the attack, citing their previous involvement in cyberattacks in Ukraine. He also mentioned a previous hack by Sandworm on another Ukrainian telecoms operator, detected by the SBU. Vitiuk highlighted…
Vitiuk emphasized the importance of this attack as a warning to both Ukraine and the Western world, highlighting that no one is exempt from cyber threats. He noted that Kyivstar, being a wealthy and private company that heavily invested in cybersecurity, was targeted to send a strong message. The attack resulted in the destruction of numerous virtual servers and PCs, making it the first known instance of a cyberattack completely crippling a telecoms operator.
The Security Service of Ukraine (SBU) conducted an investigation and found evidence suggesting that the hackers had been inside Kyivstar’s system since at least May 2023, with full access likely gained in November. Vitiuk stated that the hackers could have potentially stolen personal information, intercepted SMS messages, and gained access to Telegram accounts. However, Kyivstar denied any leakage of personal or subscriber data, stating that they were collaborating with the SBU to investigate the attack and mitigate future risks.
Vitiuk further revealed that the SBU’s prompt response helped Kyivstar restore its systems and fend off subsequent cyberattacks. He acknowledged that the attack had a limited impact on Ukraine’s military, as they relied on different algorithms and protocols for drone and missile detection.
The investigation into the attack is challenging due to the extensive wiping of Kyivstar’s infrastructure. Vitiuk strongly suspected that the Russian military intelligence cyberwarfare unit known as Sandworm was responsible for the attack, citing their previous involvement in cyberattacks in Ukraine. He also mentioned a previous hack by Sandworm on another Ukrainian telecoms operator, detected by the SBU. Vitiuk highlighted…
