Russian Hackers Penetrated Ukraine Telecoms Giant for Months


Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The attack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12.

In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence. The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator."

The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said. A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed."

Security Officer Comments:
A group called Solntsepyok, believed by the SBU to be affiliated with Sandworm, said it was responsible for the attack. Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else.

Kyivstar is the biggest of Ukraine's three main telecoms operators and there are some 1.1 million Ukrainians who live in small towns and villages where there are no other providers, Vitiuk said. People rushed to buy other SIM cards because of the attack, creating large queues. ATMs using Kyivstar SIM cards for the internet ceased to work and the air-raid siren - used during missile and drone attacks - did not function properly in some regions.

Suggested Corrections:
Telecoms, along with other critical infrastructure, are prime targets, especially during times of heightened geo-political tension and conflict. The industry must continue to take proactive measures to safeguard against these attacks.