Cyberwarfare: double attack in Ukraine and Russia

On December 12, 2023, Russia and Ukraine both led large-scale cyberattacks aimed at sensitive enemy infrastructure. The first strike was Russian: a cyberattack suspended the services of Kyivstar, Ukraine’s largest network provider (24 million customers).

The cybercriminal group Solntsepek claimed the attack on Telegram. “We destroyed 10,000 computers and 4,000 servers, all cloud storage and backup systems,” the group explained. According to Ukrainian authorities, Solntsepek is a direct offshoot of Sandworm, a cybercriminal group with ties to the GRU, Russian military intelligence.

A little later the same day, the GUR, Ukraine’s military intelligence, launched a cyberattack against Russia’s tax system, hitting 2,300 servers. The malware used is likely a wiper (data destruction software). At the moment, it is not known if the GUR strike was retaliation for the Russian one, or simply a coincidence.

As early as December 13, Kyivstar claimed to begin restoring its infrastructure. The provider is believed to have reactivated telephone calls and text messaging. “Services will be restored gradually, therefore there may still be some inconveniences in the short term,” explains Kyivstar.

In regard to the attack in Russia, on December 16, 2023, a GUR press release mentioned that “the Russians attempted for four days straight to restore the operations of tax authorities, without success.” The GUR added that “the paralysis (…) will last at least a month” and “it will be impossible to entirely bring back the oppressor State’s tax system.” The Russian administration replied that its taxpayers’ data was currently safe.