Russian Hackers Infiltrated Kyivstar Mobile Provider System Six Months Prior to Cyberattack

Kyivstar experienced a large-scale failure, which led to the shutdown of mobile communications and the internet for about 24 million subscribers for several days in December 2023.

How? Russian hackers penetrated the system of the Ukrainian telecommunications giant back in May 2023.

JOIN US ON TELEGRAM!

Follow our coverage of the war on the @Kyivpost_official.

In an interview with Reuters, the head of the cyber security department of the Security Service of Ukraine (SBU), Ilya Vityuk, said that this attack’s objectives were to inflict a psychological blow to the public and obtain intelligence information.

“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” said Vityuk.

The attack destroyed “almost everything,” including thousands of virtual servers and PCs, he said. Reuters writes that this is probably the first example of a destructive cyberattack that destroyed the core of a telecommunications operator. This happened even though Kyivstar invested heavily in cyber security.

During the investigation, the SBU found that hackers probably tried to break into Kyivstar in March or earlier.

“Now we can say [with certainty] that they were in the system at least since May 2023,” he said. “I cannot say right now, from when they had... full access: probably at least since November.”

He doesn’t rule out that Russian hackers could have stolen personal information, located phones, intercepted SMS messages, and possibly stolen Telegram accounts during the attack.

‘I’ll Put a D-30 on You’ – Russian Commander Coerces Soldiers to Advance in Kharkiv Region Under Threat of Death

In a newly intercepted conversation, a Russian commander threatens the soldier that the barrier troops will kill him and his comrades if they refuse to go on assault in the Kharkiv region.

Kyivstar claims that customer data was not compromised, counter to the SBU assessment of possible breaches.

The SBU also reported that after the provider's operation was restored, there were still attempts at cyberattacks to cause more damage.

It’s currently difficult to investigate the incident due to the destruction on the provider’s system. But the SBU believes the attack may have been carried out by a group of Sandworm hackers, a unit of Russian military intelligence for cyber warfare.

Vityuk said SBU investigators are still working to establish how Kyivstar was hacked and what type of software or apps could have been used in the hack to infiltrate the system, adding that it could have been phishing, insider help, or something else.

Vityuk says that the cyberattack didn’t have much impact on the Ukrainian Armed Forces (AFU), which does not rely on consumer-level communication providers and uses what he called “different algorithms and protocols.”

“[Regarding] drone detection, and missile detection, luckily, no, this situation didn’t affect us strongly,” he said.

The SBU warns that this may not be the last attempt by Russian hacker attacks on mobile operators in Ukraine.

To suggest a correction or clarification, write to us here
You can also highlight the text and press Ctrl + Enter

Kyiv Post

The Kyiv Post is Ukraine's English-language newspaper and proud winner of the 2014 Missouri Honor Medal for Distinguished Service in Journalism. The newspaper's first print edition came out on Oct. 18, 1995, and went online in 1997.