

Russian hackers infiltrated Kyivstar system in May 2023 or earlier – Security Service of Ukraine

Thursday, 4 January 2024, 11:01
Kyivstar shop. Photo: Global Images Ukraine via Getty Images

Russian hackers got into the system of Ukrainian telecommunications operator Kyivstar in May 2023 or even earlier, although the large-scale attack did not take place until 12 December.

Source: Illia Vitiuk, head of the cyber security department of the Security Service of Ukraine, in an interview with Reuters

Details: During the investigation, the Security Service of Ukraine (SSU) found that hackers had probably tried to infiltrate Kyivstar in March or earlier, Vitiuk said.

Quote: "For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November."

More details: Vitiuk called the attack on Kyivstar "a big message, a big warning not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable."

He noted that the attack destroyed "almost everything", including thousands of virtual servers and PCs, and was probably the first example of a devastating cyber attack that "completely destroyed the core of a telecoms operator". Vitiuk said that the attack caused catastrophic damage and was intended to inflict a psychological blow and gather intelligence.

The SSU said that with the level of access that the hackers gained, they could have stolen personal information, located phones, intercepted SMS messages and possibly hijacked Telegram accounts.

A Kyivstar spokesperson said the company is working closely with the SSU to investigate the attack and will take all necessary measures to eliminate future risks, assuring that "no facts of leakage of personal and subscriber data have been revealed".

Vitiuk said that the SSU helped Kyivstar restore its systems in a matter of days and repel new cyberattacks.

"After the major break there were a number of new attempts aimed at dealing more damage to the operator," he said.

Vitiuk noted that the attack did not have a major impact on the Ukrainian military, which did not rely on telecoms operators and used what he described as "different algorithms and protocols."

"Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn't affect us strongly," he said.

Vitiuk is almost certain that the attack on Kyivstar was carried out by Sandworm, a cyber unit of Russia's military intelligence service that has been linked to cyber attacks in Ukraine and other countries.

A year ago, Sandworm infiltrated a Ukrainian telecommunications operator but was detected because the SSU itself was inside Russian systems, Vitiuk said, declining to name the Ukrainian company affected by the attack. No previous hacks had been reported.

Vitiuk stated that telecommunications operators may remain a target for Russian hackers. He noted that last year, the Security Service prevented more than 4,500 major cyberattacks on Ukrainian government bodies and critical infrastructure facilities.

A group called Solntsepyok, which the SSU believes to be linked to Sandworm, claimed responsibility for the attack on Kyivstar.

Vitiuk noted that SSU investigators are still working to establish how Kyivstar was hacked and what type of Trojan horse malware may have been used for the hack, adding that it could have been phishing, someone helping from the inside or something else.

He added that the attack on Kyivstar may have been easier to carry out because of the similarities between it and Russian mobile operator Beeline, which was built using similar infrastructure.

Background:

  • A large-scale technical failure occurred in the Kyivstar network on the morning of 12 December.
  • The mobile operator confirmed that a powerful hacker attack was the cause of the large-scale disruption on the morning of 12 December, but assured customers that their personal data is safe.
  • Work to restore communications continued until 19 December.
  • In connection with the large-scale failure as a result of the hacker attack, Kyivstar is taking legal action regarding interference in the operation of the network.
