Russian hackers got into the system of Kyivstar, a Ukrainian telecommunications operator, at least in May 2023, although the large-scale attack took place on 12 December.

Source: Illia Vitiuk, head of the cyber security department of the Security Service of Ukraine, in an interview with Reuters

Details: During the investigation, the Security Service of Ukraine found that hackers probably tried to infiltrate Kyivstar in March or earlier, Vitiuk said.

Quote: “For now, we can say securely, that they were in the system at least since May 2023,” he said. “I cannot say right now, since what time they had … full access: probably at least since November.”

More details: Vitiuk called the attack on Kyivstar “a big message, a big warning not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable.”

He noted that the attack destroyed “almost everything”, including thousands of virtual servers and PCs, and was probably the first example of a devastating cyber attack that “completely destroyed the core of a telecoms operator”. Vitiuk said that the attack caused catastrophic damage and was intended to inflict a psychological blow and gather intelligence.

Security Service of Ukraine said that with the level of access that the hackers gained, they could have stolen personal information, located phones, intercepted SMS messages and possibly hijacked Telegram accounts.

A Kyivstar spokesperson said the company is working closely with the Security Service of Ukraine to investigate the attack and will take all necessary measures to eliminate future risks, assuring that “no facts of leakage of personal and subscriber data have been revealed”.

Vitiuk said that the Security Service helped Kyivstar restore its systems in a matter of days and repel new cyberattacks.

“After the major break there were a number of new attempts aimed at dealing more damage to the operator,” he said.

Vitiuk noted that the attack did not have a major impact on the Ukrainian military, which did not rely on telecoms operators and used what he described as “different algorithms and protocols.”

“Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn’t affect us strongly,” he said.

Vitiuk is almost certain that the attack on Kyivstar was carried out by Sandworm, a cyber unit of Russia’s military intelligence service that has been linked to cyber attacks in Ukraine and other countries.

A year ago, Sandworm infiltrated a Ukrainian telecommunications operator but was detected because the Security Service of Ukraine itself was inside Russian systems. Vitiuk said this, declining to name the Ukrainian company affected by the attack. No previous hacks had been reported.

Vitiuk stated that telecommunications operators may remain a target for Russian hackers. He noted that last year, the Security Service prevented more than 4,500 major cyberattacks on Ukrainian government bodies and critical infrastructure facilities.

A group called Solntsepek, which the Security Service of Ukraine believes to be linked to Sandworm, claimed responsibility for the attack on Kyivstar.

Vitiuk noted that Security Service investigators are still working to establish how Kyivstar was hacked and what type of Trojan horse malware may have been used for the hack, adding that it could have been phishing, someone helping from the inside or something else.

He added that the attack on Kyivstar could have been easier to carry out because of the similarities between it and Russian mobile operator Beeline, which was built using similar infrastructure.

Support UP or become our patron!