The hacker attack on the computer system of Kyivstar, Ukraine’s largest mobile operator, caused “catastrophic” destruction and “destroyed almost everything.” In an interview with Reuters, stated Head of the Cybersecurity Department of the Security Service of Ukraine (SBU) Ilya Vityuk.
He said hackers destroyed thousands of virtual servers. The attack may be the first example of a complete destruction of the core of a telecommunications system. According to Vityuk, the attack was a warning that no one can count on immunity.
However, according to him, this had almost no impact on the work of the Ukrainian army, because the army uses different systems. In addition, Vityuk assured that the attack did not affect air defense systems.
The head of the SBU cybersecurity department stated that hackers penetrated the system long before the attack occurred. He added that hackers had been on the Kyivstar system since at least May 2023 and were able to gain full access to the system in November.
They can steal users’ personal data, determine their location, intercept SMS messages, and possibly even break into Telegram accounts. At the same time, as Vityuk said, the company did not detect any information leaks.
Group of Sandworms
Vityuk told Reuters reporters that the investigation into the attack was ongoing. In particular, the SBU is currently examining malware samples used by hackers.
At the same time, the head of the cybersecurity department is “almost certain” that the hacker group Sandworm was behind the attack. (SBU considers it the cyber unit of Russian military intelligence).
This is not Sandworm’s first cyberattack on Ukraine. The group will operate in 2022 data The company Mindiant exploited a vulnerability in the SCADA substation control system. Mindiant research states that the attack carried out by hackers on October 10, 2022 led to an unplanned power outage.
Attack on Kievstar
Strana.ua wrote that on the morning of December 12, 2023, a major failure in the work of Kyivstar occurred – users complained about problems with communication and the Internet. The operator’s press service reported that the cause of the failure was a hacker attack.
Later, Kyivstar president Alexander Komarov said that hackers were able to hack security through the account of one of the company’s employees. According to Komarov, the IT infrastructure was “partially destroyed” due to the cyber attack.
Following the attack, the SBU filed an eight-count case, including violation of the country’s territorial integrity and immunity, treason, sabotage, and violation of the laws and customs of war.
According to one version, Russian intelligence services were behind the attack. Telegram channel Readovka 13 December WroteRussian hacker group Solntsepek claimed responsibility for the attack on Kievstar. The publication states that the internal network infrastructure of the organization, which provides communications not only to subscribers but also to the Armed Forces of Ukraine, was destroyed. The hackers also gained access to customers’ personal information: full name, passport information and addresses.
The group also expressed gratitude to “the relevant employees of Kyivstar”, with whom it was possible to hack the operator’s system.