Cyberattack on Ukraine’s largest telecom provider will cost it about $100 million

The recent cyberattack on Ukraine’s largest telecom provider will cost its parent company, Netherlands-based Veon, almost $100 million, according to a statement issued on Thursday.

The company anticipates that “there will be an impact on its consolidated revenue results for 2024 associated with the revenue loss arising from the customer loyalty measures” taken by its subsidiary, Kyivstar, in order to compensate for inconveniences caused by the attack in December.

The revenue impact of these offers is currently estimated to be approximately 3.6 billion Ukrainian hryvnias, or $95 million.

Following the incident, Kyivstar waived subscription fees for one month. The company typically charges around $8 monthly for its services, which include phone calls and mobile internet access.

“Kyivstar plans to continue its remediation and compensation efforts in the coming months,” Veon said in a statement.

The December hack of Kyivstar was “one of the highest-impact disruptive cyberattacks” on the country since the start of the war, officials have said.

The attack left 24 million Kyivstar subscribers in Ukraine and abroad without voice and data connectivity on mobile and fixed networks for two days.

The technical response to the incident was far less expensive than the subscription fee waivers, Veon said. Given that critical services were down for only a limited time, the cost of restoring them, replacing lost equipment and paying external consultants will not have a “material financial impact” on the company’s results for 2023, Veon said.

It's still unclear how many subscribers the company lost due to its service disruptions. On the day of the attack, December 12, many Ukrainians switched to SIM cards from two other local operators — Vodafone and Lifecell.

A spokesperson from Vodafone confirmed to Recorded Future News at that time that the company did experience a rise in new subscribers, while the load on its network increased by 30%.

The attack on Kyivstar is believed to have been carried out by the Russian state-controlled hacker group Sandworm. The hackers wiped “almost everything,” including thousands of virtual servers and personal computers, according to Illia Vitiuk, the head of the cybersecurity department at Ukraine’s security service (SBU).

The goal of the attack was to cause "disastrous" destruction, deliver a psychological blow, and gather intelligence, Vitiuk said.

Kyivstar ranks as one of Ukraine’s largest and most wealthy private companies, employing 3,500 people and generating $815 million in revenue in 2022.