The Security Service of Ukraine (SSU) identified hackers from the Russian GRU who attacked Kyivstar in December 2023. The law enforcement officers will hand over the case materials to the International Criminal Court in The Hague.
Who carried out a cyber attack on Kyivstar
In an interview with Ukrinform, the SSU Cyber Security Department chief, Ilya Vityuk, said that cyber specialists and investigators of the Security Service of Ukraine are gathering evidence on hackers of the central intelligence department of the General Staff of the Russian Federation (better known as the GRU).
It was they who attacked "Kyivstar".
After conducting all examinations and announcing suspicions, the materials of this investigation will be transferred to the International Criminal Court in The Hague.
We are working to announce suspicions following our legislation and, in the future, to transfer these cases to the International Criminal Court. War criminals should be tried at the international level!
Ilya Vityuk
Head of the SSU Cyber Security Department
Vityuk emphasised that cyber attacks on civilian infrastructure should be recognized as war crimes.
The SSU established that the attack on "Kyivstar" was carried out by the SandWorm hacker group, which is a full-time unit of the Russian GRU.
According to Vityuk, the SSU is currently examining the systems affected by hackers and the damage caused. The special service also requested additional information from international partners.
The law enforcement officers are investigating all vertical members involved in this attack.
Not only the specific hacker, but also, at least, the head of the military unit and the leadership of the special service, which carries out destructive activities, should be responsible for what has been done, Vityuk said.
Cyber attack on Kyivstar: what is known
On December 12, one of the largest mobile operators of Ukraine experienced a malfunction. The company said it had become a victim of a "powerful hacker attack".
According to the general director of Kyivstar, Oleksandr Komarov, part of the virtual IT infrastructure was destroyed.
At the same time, it was reported that Ukrainians' data was not leaked. Due to the failure, bank terminals, communications, and alarm notifications did not work in some regions.
Russian hackers claimed responsibility for the attack, which the so-called Solntsepek group carried out. The group claimed to have destroyed 10,000 computers, over 4,000 servers, and all cloud storage and backup systems.
The SSU later clarified that this pseudo-hacker group is a hacking unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (better known as the GRU).
