The cyberattack on Kyivstar, Ukraine’s largest mobile operator, drew sharp condemnation, with officials describing the damage as catastrophic and extensive and stating that almost everything in some parts of the system was destroyed. The remarks came in a Reuters interview with Ilya Vityuk, head of the Cybersecurity Department at the Security Service of Ukraine (SBU).
Vityuk explained that thousands of virtual servers were disrupted and suggested the incident could mark the first instance of the core telecommunications infrastructure suffering near-total destruction. He characterized the attack as a stark warning that no one should assume immunity from sophisticated cyber threats.
Despite the scale of damage, the Ukrainian army reported minimal operational impact because it relies on alternative systems. Vityuk also asserted that air defense networks remained unaffected by the incident.
According to the SBU official, the intruders had gained access well before the attack date, with activity traced back to at least May 2023 and full access achieved by November of the same year. The breach posed the risk of stealing personal data, tracking user locations, intercepting SMS messages, and potentially compromising Telegram accounts. Nevertheless, Vityuk emphasized that Kyivstar had not observed any information leaks to date.
Sandworm Group
Vityuk told Reuters that investigators were continuing the probe, with the SBU currently examining malware samples used by the attackers. He voiced strong confidence that the Sandworm group, widely viewed by the security services as the cyber unit of Russia’s military intelligence, was responsible for the breach.
He noted that Sandworm has a history of targeting Ukraine, including a 2022 incident involving a vulnerability in the SCADA substation control system that caused a power outage. Research on this earlier attack points to the strategic use of cyber operations to disrupt critical infrastructure.
Attack on Kyivstar
Media outlet Strana.ua reported a major service disruption in the early hours of December 12, 2023, with users experiencing outages in voice and data services. Kyivstar’s press office confirmed a hacker attack as the cause of the fault.
In a later statement, Kyivstar president Alexander Komarov attributed the breach to a security compromise through an employee’s account. He described the IT infrastructure as partially destroyed by the cyber incident.
In the aftermath, the SBU opened an eight-count case, including charges related to breach of territorial integrity and sovereignty, treason, sabotage, and violations of wartime law and customs. One line of inquiry points to Russian intelligence involvement. According to a Telegram source, the Russian hacker group Solntsepek claimed responsibility, alleging access to the operator’s internal network that serves subscribers and the Ukrainian Armed Forces. The attackers were said to have obtained customers’ personal information, including full names, passport data, and addresses. The group also expressed gratitude to internal Kyivstar personnel involved in breaching the system. This testimony reflects ongoing concerns about insider access and network security gaps that can be exploited by external actors. [Source: Reuters]