Russian hackers had penetrated the systems of the Ukrainian telecommunications operator Kyivstar since at least May last year, although the large-scale attack occurred on December 12. This was stated by the head of the Cybersecurity Department of the Security Service of Ukraine (SBU), Ilya Vityuk, in an interview with Reuters.
What they say in the SBU
During the investigation, the SBU established that hackers probably tried to penetrate Kyivstar in March or earlier, Vityuk noted.
“So far we can say with confidence that they have been in the system since at least May 2023. I can’t say now since when they had… full access: probably at least since November,” he noted.
The head of the Cyber Security Department called the attack on Kyivstar “a big message, a big warning not only for Ukraine, but also for the entire Western world to understand that no one is really touched.”
He noted that the attack destroyed “almost everything,” including thousands of virtual servers and PCs, and was probably the first example of a destructive cyber attack that “completely destroyed the core of a telecommunications operator.”
According to Vityuk, the attack caused “catastrophic” destruction and was aimed at inflicting a psychological blow and collecting intelligence data.
According to SBU estimates, with the level of access that the hackers received, they could steal personal information, find the location of phones, intercept SMS messages and, possibly, steal Telegram accounts.
A representative of Kyivstar stated that the company is closely cooperating with the SBU in the investigation of the attack and will take all necessary measures to eliminate future risks, assuring that “no facts of leakage of personal and subscriber data have been detected.”
According to Vityuk, the SBU helped Kyivstar restore its systems in a matter of days and repel new cyber attacks.
“After a significant break, a number of new attempts were made aimed at causing more damage to the operator,” he said.
Vityuk noted that the attack did not have much impact on the Ukrainian military, which did not rely on telecommunications operators and used what he described as “different algorithms and protocols.”
“If we talk about detecting drones, if we talk about the detection of missiles, then, fortunately, no, this situation did not affect us much,” he said.
Vityuk is “almost sure” that the attack on Kyivstar was carried out by Sandworm, a cyber unit of Russian military intelligence associated with cyber attacks in Ukraine and other countries.
A year ago, Sandworm infiltrated a Ukrainian telecommunications operator, but was discovered by Kiev because the SBU itself was inside Russian systems, the head of the Cybersecurity Department said, declining to name the company. The preliminary hack has not been previously reported.
According to Vityuk, telecommunications operators may remain a target for Russian hackers. He noted that last year the SBU prevented more than 4,500 major cyberattacks on Ukrainian government agencies and critical infrastructure.
A group called Solntsepek, which the SBU considers connected to Sandworm, claimed responsibility for the attack on Kyivstar.
Vityuk noted that SBU investigators are still working to establish how Kyivstar was penetrated and what type of Trojan horse malware could have been used for the hack, adding that it could have been phishing, someone helping from the inside, or something else.
According to Vityuk, the attack on Kyivstar could have been carried out more easily due to the similarities between it and the Russian mobile operator Beeline, built using similar infrastructure.
Background
On December 12, a large-scale cyber attack was carried out on Kyivstar. According to the company's CEO, hackers destroyed part of the IT infrastructure. On the morning of December 13, the network had not resumed operation. At the same time, company representative Irina Lelichenko noted that Kyivstar plans to complete work on the resumption of services on Wednesday.
Also, the Ministry of Finance previously wrote that Kyivstar has partially restored fixed-line communications.
Hackers working for Russia took responsibility for the cyber attack on the operator. In their Telegram channel, they posted several screenshots allegedly proving their involvement in the crime.