‘Account Compromise’ Caused December Cyberattack

Kyivstar President Oleksandr Komarov has divulged further details about Russia’s cyberattack against the telecommunications company in December, which left its system infrastructure extensively damaged and knocked it out of operation for days.

During a panel discussion at the Kyiv International Cyber Resilience Forum (KICRF), Komarov said that there were two versions of events according to the ongoing investigation by the Security Service of Ukraine (SBU), with one version pointing towards compromised accounts between Kyivstar and a service provider.

He said that once the accounts were breached, hackers were able to access the system and later launch attacks against the virtual and physical infrastructure, which nearly wiped out the former.

Komarov added that he wasn’t sure if a single employee was responsible for the account compromise, and nothing is conclusive at this point of the investigation.

Ilya Vityuk, head of the SBU's Cyber Security Department, told Reuters in January that hackers had access at least since May 2023. Vityuk also said in an earlier panel discussion that some residents were unable to receive missile strike warnings because of the network outage.

Serhii Demediuk, deputy secretary of the National Security and Defense Council of Ukraine, told Kyiv Post that authorities informed Kyivstar of the threats five months prior to the hack and that more work is needed to prevent similar incidents.

“So now we are revising, or revisiting, our algorithms [...] our relations with large, private tech corporations so that we can prevent them in practice from showing such vulnerabilities,” said Demediuk.

Russia’s Lethal Electronics Are Impossible Without the West

Microchips and other high-tech components are essential to maintaining Russia’s war machine. If the West gets serious about blocking access, Moscow’s forces will be crippled.

Yegor Aushev, CEO of cybersecurity firm Cyber Unit Technologies, told Kyiv Post the Kyivstar incident was in fact a “cyber operation” that took months of planning, which would explain the gap between the hacker gaining access and conducting the attack.

“Usually every big cyber operation, cyber attack, [is prepared] in advance – like six months to three months minimum. And then hackers get in, they wait, and then when they need [to] they start to do something,” said Aushev.

Komarov said “the biggest change” following the incident is the revamping of Kyivstar’s infrastructure towards “micro-segmentation,” where the system is decentralized and security controls are deployed to each segment based on requirements.

“Therefore, the biggest and most fundamental conclusion is a total change in architecture from how they were built within the separation from the technological and IT infrastructure,” said Komarov.

In January, VEON, Kyivstar’s parent company, reported an estimated loss of $95 million in revenue as a result of the incident “arising from the customer loyalty measures taken by Kyivstar” to compensate the customers.

Founded in 1994, Kyivstar is Ukraine’s largest mobile operator. The company reported that in the first quarter of 2023 it served over 24 million cell phone subscribers and more than 1.1 million home internet subscribers. It has also built the largest communication infrastructure in Ukraine spanning more than 53 thousand base stations.

To suggest a correction or clarification, write to us here
You can also highlight the text and press Ctrl + Enter

Leo Chiu

Leo Chiu is a news reporter residing in Eastern Europe since 2015 with a profound interest in geopolitics, having witnessed two presidential elections in Belarus and visited numerous contested regions worldwide. He believes in the human side of journalism and that there's a story to be told behind every number and statistic.