Hackers had access to the Kyivstar system long before the large-scale attack: details from the SBU

Elena Buturlim 10:52, 01/04/24

The investigation into the attack is complicated by the destruction of the operator’s infrastructure.

Russian hackers have had access to the system of telecommunications giant Kyivstar since at least May last year, and the cyberattack on the operator should be a “big warning” to the West, Ilya Vityuk, head of the cybersecurity department of the SBU, told Reuters.

According to him, the SBU previously established that hackers probably tried to penetrate Kyivstar in March or earlier. But at this point it is safe to say that they have been in the system since at least May 2023.

“I can’t say now since when they had… full access: probably at least since November,” Vityuk said.

He called the Kyivstar case probably the first example of a destructive cyber attack that “completely destroyed the core of a telecommunications operator.” The SBU spokesman added that the attack destroyed “almost everything,” including thousands of virtual servers and PCs.

“This attack is a big message, a big warning not only for Ukraine, but for the entire Western world to understand that in fact no one is inviolable,” the expert noted.

According to the SBU, hackers with this level of access were able to steal personal information, understand the location of phones, intercept SMS messages and possibly gain access to Telegram accounts.

At the same time, it is noted that the attack did not have much impact on the Ukrainian military, which did not rely on telecommunications operators.

However, the investigation into the attack is complicated by the destruction of Kyivstar’s infrastructure. Malware samples have been removed and are currently being analyzed. It is unclear why the hackers chose December 12. Vityuk is “almost sure” that the attack was carried out by the Russian military intelligence cyber unit Sandworm.

An SBU spokesman said the pattern of behavior suggests telecom operators may remain a target for Russian hackers. According to him, last year the SBU prevented more than 4,500 major cyber attacks on Ukrainian government agencies and critical infrastructure.

Attack on Kyivstar

On December 13, Kyivstar announced that they were gradually beginning to “come to life” after the large-scale failure on December 12. So, the company began to restore the voice call service. At the same time, the mobile Internet service was still unavailable.

On December 15, Kyivstar stabilized communications in Kiev. As the company said, “this hacker attack turned into a multi-hour marathon of work.”

On December 20, the Kyivstar company began operating 100% in Ukraine after a large-scale failure: all services were fully restored to Ukrainians both within the state and in the roaming zone.

(C)UNIAN 2024

One comment

  1. “This attack is a big message, a big warning not only for Ukraine, but for the entire Western world to understand that in fact no one is inviolable,”

    Haven’t we been seeing numerous cyberattacks for years now, both from the shithole called mafia land and the other shithole called bat virus land? How much more must they do for everyone to finally wake up?
