Ukrainian intelligence reviews serious hack of mobile network provider Kyivstar

On January 5, 2024, Illia Vitiuk, head of cybersecurity for Ukrainian intelligence (SBU), commented on the cyberattack that hit Ukraine’s leading mobile network provider, Kyivstar. On December 12, 2023, its 24 million users were deprived of Internet access and, for many, prevented from making or receiving calls and/or texting. The provider only managed to restore the network on December 20, 2023.

Illia Vitiuk confirmed the attack had been attributed to a cybercriminal group (probably Sandworm) with ties to the GRU, Russian military intelligence. The hackers allegedly infiltrated Kyivstar’s computer systems as early as May 2023, and probably rolled out a very large-scale wiper. Indeed, the cyberattack erased “almost everything,” including thousands of virtual servers and PCs.

According to the head of SBU, this is the first case in the world of a cyberattack “completely destroying the heart of a telecoms provider.” Cybercriminals also stole a significant amount of data, in particular personal and device location information. They also managed to intercept text messages. However, Russia’s cyberattack did not disrupt Ukrainian military operations, as the latter communicate through other channels that are more secure than mobile networks.

“This attack sends a message, an important warning, not only to Ukraine, but also to all of the West, that no one is untouchable,” firmly concluded Illia Vitiuk.