Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war
The hack of Ukraine’s largest telecommunications operator, Kyivstar, was “one of the highest-impact disruptive cyberattacks on Ukrainian networks” since Russia invaded the country last year, British defense intelligence said.
The attack, which began on December 12, left Kyivstar subscribers without mobile signal and internet for two days. The company provides services to more than half of Ukraine’s population, according to the British Ministry of Defence, which published a brief on the incident over the weekend.
One cyber incident comparable in scale to the Kyivstar hack is last year’s Russian attack on the satellite company Viasat, which disabled thousands of satellite modems throughout the country and other parts of Europe and led to the malfunction of thousands of wind turbines in Germany. The Viasat hack is believed to have been carried out by Russian intelligence to degrade the communication abilities of the Ukrainian government and military.
Last week, the Russian hacker group Solntsepek, previously linked to the notorious Sandworm hackers, claimed responsibility for the Kyivstar hack, stating that they intended to disrupt communications for the Ukrainian military.
Ukraine claimed that the cyberattack did not impact the communication systems of its armed forces but did have several downstream effects. For instance, it disrupted air raid sirens, some banks, ATMs, and point-of-sale terminals.
Kyivstar resumed most of its services on December 14.
ℹUpdate: Metrics show that connectivity on Ukraine telco #Kyivstar is now largely restored after an extended outage attributed to a cyberattack; Russian hackers have claimed the attack that knocked out mobile, fixed-line for millions, also impacting air raid alerts and banks pic.twitter.com/2FcAmjN5am
— NetBlocks (@netblocks) December 14, 2023
The company’s CEO Oleksandr Komarov called the Kyivstar hack “the largest cyberattack on telecom infrastructure in the world.” According to his statement, the hackers launched the attack on Kyivstar’s core network and managed to destroy some of its functions.
The hackers broke into Kyivstar systems through the compromised account of one of the company's employees, Komarov said.
The company and the country's security services deliberately turned off the entire network when they detected the attack.
The investigation into the incident is ongoing. Kyivstar said it has repelled around 500 cyberattacks on its systems since the start of the full-scale war in Ukraine.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.