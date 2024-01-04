Russian hackers carried out a significant cyberattack on Ukraine’s leading telecoms operator, Kyivstar, that lasted for several months, posing a dire threat to not only Ukraine but also the entire Western world. The attack, which occurred in May of the previous year, caused widespread destruction and aimed to gather intelligence and deliver a psychological blow. While the attack only became public last December, it is now being seen as one of the most damaging cyberattacks since Russia’s invasion of Ukraine in 2014.

The cyber spy chief of Ukraine’s Security Service, Illia Vitiuk, provided exclusive details on the attack, highlighting the devastating impact it had on Kyivstar. The hack resulted in the loss of virtual servers, personal computers, and other critical infrastructure, marking it as the first example of a destructive cyberattack that completely destroyed a telecoms operator’s core systems. Vitiuk emphasized that the attack should serve as a wake-up call, demonstrating that no entity, no matter how robust its cybersecurity measures, is immune to such cyber threats.

During the investigation, it was discovered that the hackers had gained access to Kyivstar’s system since at least May 2023, with full access likely obtained around November. With this level of access, the hackers would have had the ability to steal personal information, intercept SMS messages, and potentially compromise Telegram accounts. However, Kyivstar has stated that no leakage of personal or subscriber data has been uncovered.

The attack on Kyivstar had far-reaching consequences for Ukraine’s population, with millions of users left without telecom services for several days. ATMs using Kyivstar SIM cards for the internet stopped functioning, and certain regions experienced issues with the air-raid siren used during missile and drone attacks. Nevertheless, the attack had a minimal impact on Ukraine’s military capabilities, as they rely on different algorithms and protocols for critical operations like drone and missile detection.

The cyber spy chief, Vitiuk, pointed to the Russian military intelligence unit known as Sandworm as the likely culprits behind the attack. Sandworm has been previously connected to cyberattacks in Ukraine and other countries. Vitiuk also highlighted the vulnerability of telecoms operators as potential targets for Russian hackers, as demonstrated by the thousands of cyberattacks that Ukraine’s Security Service thwarted in the past year alone.

While the specific details of the attack’s execution remain under investigation, it is suspected that the hackers utilized trojan horse malware or phishing techniques to gain entry into Kyivstar’s systems. The scale and similarity between Kyivstar and the Russian mobile operator Beeline may have also played a role in facilitating the attack. The investigation is ongoing, focusing on analyzing malware samples recovered from the attack.

Kyivstar, with the assistance of Ukraine’s Security Service, has fully restored its services and is working closely with authorities to prevent future cyber threats. However, this incident serves as a powerful reminder of the increasing sophistication and boldness of cyberattacks, underscoring the urgent need for robust cybersecurity measures across all industries and countries.

FAQs

1. What is Kyivstar?

Kyivstar is Ukraine’s largest telecoms operator, providing services to millions of users across the country.

2. Who were the hackers behind the attack?

The cyberattack was likely carried out by Sandworm, a Russian military intelligence cyberwarfare unit known for its involvement in previous cyberattacks in Ukraine and elsewhere.

3. What were the consequences of the attack?

The attack resulted in the disruption of telecom services for millions of Kyivstar users, impacting communication and causing issues with services such as ATMs and air-raid sirens. However, Ukraine’s military operations were minimally affected due to their reliance on different systems.

4. How is Kyivstar addressing the issue?

Kyivstar has worked closely with Ukraine’s Security Service to restore its systems and is taking necessary steps to mitigate future risks.

5. Is personal data compromised?

According to Kyivstar, there have been no reports of personal or subscriber data leakage as a result of the cyberattack.