The Security Service of Ukraine has opened a criminal case over a cyberattack on the servers of Kyivstar mobile operator. One of the SSU's versions of the attack's mastermind and perpetrator is a "Russian trace".
Special services of Russia may be involved in the cyber attack on Kyivstar
The Security Service of Ukraine has opened a criminal investigation into a cyber attack on Kyivstar mobile operator.
This was reported by the press service of the agency.
The proceedings were opened under eight articles:
unauthorised interference with information networks
creation of malicious software
encroachment on the territorial integrity and inviolability of Ukraine
high treason
sabotage
conducting an aggressive war
violation of the laws and customs of war
participation in a criminal organization
One of the versions that SSU investigators are currently checking is that the Russian Federation's special services may be behind the hacker attack, the SSU said.
The agency adds that immediately after the attack, an SSU investigative team arrived at Kyivstar's office to document all the circumstances. The SSU cyber specialists are also on site to assist the company's employees and "coordinate the efforts of all government agencies to restore the network as soon as possible".
Kyivstar named the purpose of the hacker attack
The company's president, Alexander Komarov, said in a telethon that the attack had partially destroyed the IT infrastructure. The timeframe for recovery is currently unknown.
Therefore, we are still working on the issue of how long it will take to restore, and we have not made any statements yet. This is a war, and it is taking place not only on the battlefield but also in the virtual world, in cyberspace. And, unfortunately, we are suffering from the consequences of this war. In fact, it is the penetration and destruction of infrastructure. We see that the main goal of this attack is to destroy the operator's virtual IT infrastructure as much as possible.
He noted that experts have not yet recorded any leaks of personal data from Kyivstar's network, as data, for example, on the last calls of subscribers are stored on other infrastructure elements.
The experts concluded that the enemy's goal was to destroy the infrastructure. Komarov noted that the attackers had severely damaged the IT infrastructure, and the company could not counteract this at the virtual level, so they physically disconnected Kyivstar from the network to limit the enemy's access to the company's infrastructure.
Let me explain. This is when your IT specialists do not have access to your systems because the entire perimeter, which is protected by a directory with all the rights, is completely destroyed. Therefore, we need to work at the physical level, connecting to each element of the network to understand the level of destruction at this point.
