Russian Hackers Infiltrate Ukrainian Telecom Giant, Prompting Widespread Disruption

A cyberattack on Ukraine’s Kyivstar, traced back to Russian hackers who had been operating inside its systems since at least May of the previous year, caused severe disruptions and serves as a significant warning about cyber threats, according to Illia Vitiuk, head of the cybersecurity division of Ukraine’s Security Service.

The attack, which culminated in the near-destruction of vital infrastructure, resulted in a devastating outage that incapacitated services for approximately 24 million users starting on December 12. Vitiuk highlighted the hack’s calamitous impact, citing extensive destruction and its intended psychological and intelligence-gathering objectives.

Revealing exclusive details, Vitiuk said that the intrusion likely commenced as early as March, with confirmed access since May 2023, possibly escalating to full system access by November. The breach potentially gave the attackers access to sensitive personal information and the ability to track phone locations, intercept SMS messages, and possibly steal Telegram accounts.

Despite the incident, Kyivstar said that no leak of personal or subscriber data had been detected. However, the attack led to widespread disruptions. With service unavailable, citizens sought alternative SIM cards, and the outage caused significant inconveniences, including malfunctioning ATMs that relied on Kyivstar SIM cards and operational disruptions to emergency systems such as air-raid sirens in certain regions.

The Security Service of Ukraine played a pivotal role in restoring Kyivstar’s systems and repelling subsequent cyber attacks. Notably, while the attack had minimal impact on Ukraine’s military operations, the situation underscored the necessity for distinct, resilient communication protocols and algorithms in such scenarios.

Vitiuk pointed to Sandworm, a Russian military intelligence cyberwarfare unit, as the probable perpetrator, drawing on previous patterns of behavior and similarities with prior cyberattacks linked to this group. He noted that investigations into the breach were complicated by the extensive wiping of Kyivstar’s infrastructure.

