The head of cybersecurity in Ukraine’s spy service, the SBU, Illia Vitiuk, has disclosed in an interview with Reuters that Russian hackers had penetrated the systems of Kyivstar, Ukraine's leading telecommunications giant.
According to Vitiuk, the incursion into Kyivstar's systems has been ongoing since at least May 2023, with the hackers gaining full access possibly as early as November.
This cyberattack, which took place on December 12, disconnected more than 24 million customers from Kyivstar’s services. Vitiuk described the attack as catastrophic, not only as a psychological blow but also as a means of gathering intelligence. Almost everything, including servers and computers, was erased in the attack, leading to what Vitiuk considers potentially the first-ever complete destruction of a telecom company’s core systems.
Also read
The extent of the damage and theft of sensitive data, such as personal information, phone locations, text messages, and possibly even Telegram accounts, is still under investigation. However, the nature of the attack suggests that such data could have been compromised.
Vitiuk expressed strong confidence that the Russian hacker group Sandworm, believed to be a military cyberintelligence unit involved in numerous cyberattacks worldwide, orchestrated this attack. Responsibility for the attack was claimed by a group named Solntsepyok, which SBU suspects is linked to Sandworm.
This attack's implications extended beyond the telecom sector, affecting various facets of Ukrainian life. Following the attack, Ukrainians rushed to purchase new SIM cards, not fully aware of the attack's scope at the time. Additionally, ATMs connected to the internet via Kyivstar SIM cards and air raid sirens, critical for warning against missile and drone attacks, were disrupted in several regions, though fortunately, this did not lead to significant consequences.
The SBU is still investigating how the attack was executed, including whether an insider at Kyivstar assisted the hackers. While parts of the code used by the hackers have been recovered, most of it was lost when they erased large parts of the telecom company's infrastructure.
