Russian hackers penetrated the Kyivstar system back in May 2023 — SSU
Category
Ukraine
Publication date

Russian hackers penetrated the Kyivstar system back in May 2023 — SSU

Hackers
Source:  Reuters

Russian hackers have been in the Kyivstar system since at least May of last year. The hacking of the company's system became a warning not only for Ukraine, but also for other countries.

The SSU revealed new details of the Russian hacker attack on "Kyivstar"

The head of the Cyber Security Department of the Security Service of Ukraine (SSU), Ilya Vityuk, reported that in December 2023, "Kyivstar" stopped working for several days due to a hacker attack. At that time, approximately 24 million users remained without communication, and some ATMs and retail outlets did not work.

The SSU not only helped "Kyivstar" to resume work in a few days, but also to repel new cyber attacks. After a large-scale breach, we prevented a series of attempts to cause even more damage to the operator. The enemy planned several strikes in a row to leave people without communication for as long as possible. In such a case, other operators could not withstand the long-term overloading of their networks, Ilya Vityuk noted.

According to Vityuk, the attack could be the first in the world when hackers managed to destroy the backbone network of a cellular operator — the centralised network responsible for providing essential services and coordinating their work.

The attack was aimed at collecting intelligence data and the task of psychological attack. The leak of users' data was not detected at the time.

The SSU investigation found that the hackers probably tried to break into Kyivstar in March 2023 or earlier and had been in the system since at least May.

I can't say now since when they had full access. "Probably, at least since November," Vityuk said.

An SSU representative says that after a significant break, there were several attempts aimed at inflicting more damage on "Kyivstar", but the special service helped repel new cyber attacks. The attack did not have much impact on the army, as the fighters used "different algorithms and protocols".

Ilya Vityuk confirmed that the hacker group Sandworm is behind this attack, a special unit of Russian military intelligence that has previously repeatedly carried out cyber attacks on Ukrainian objects, particularly on communication operators and Internet providers.

In general, according to Ilya Vityuk, since the beginning of the full-scale invasion, the Security Service has carried out almost 9,000 cyber attacks on state resources and objects of critical infrastructure of Ukraine.

Cyber attack on Kyivstar

On the morning of December 12, "Kyivstar" subscribers reported the disappearance of mobile Internet and communication.

Later, the company reported that a large-scale cyber attack had been carried out on "Kyivstar".

Russian hackers from the "Solntsepek" group, a Russian military intelligence hacker unit, took responsibility for the cyber attack on the operator.

From December 13, the company gradually restored voice communication, mobile Internet, SMS services, mobile Internet in Kyiv and Kharkiv subways, and roaming.

By staying online, you consent to the use of cookies files, which help us make your stay here even better 

Based on your browser and language settings, you might prefer the English version of our website. Would you like to switch?