Russian hackers have been inside the systems of the Ukrainian mobile operator Kyivstar, which suffered a large-scale cyber attack in mid-December, since at least May 2023. told Reuters Head of the Cybersecurity Department of the Security Service of Ukraine (SBU) Ilya Vityuk.
According to Vityuk, the first attempts by hackers to penetrate Kyivstar’s systems were back in March. “At this point we can say with confidence that they have been in the system since at least May 2023. I can’t say now since when they had full access – probably at least since November,” Vityuk said.
As a result of the attack, Vityuk claims, “almost everything” was destroyed, including thousands of virtual servers. He called the hack the first example of a cyberattack that “completely disrupted the core of a carrier.”
According to the SBU, with the level of access that the hackers had, they could obtain personal information, find out the location of phones, intercept SMS and, possibly, steal telegram accounts. A Kyivstar representative told Reuters that no leaks of personal or subscriber data were identified after the attack, and the company is “working closely” with the SBU in the investigation.
According to Vityuk, he is “almost sure” that the attack was carried out by the Sandworm group, which is part of the Russian military intelligence unit. The involvement of this group in the attack in December is also wrote Ukrainian Forbes.
The SBU is still establishing how exactly the attack was carried out, Vityuk said. He suggests that the task for hackers could be made easier by the fact that the infrastructure of Kyivstar is similar to the infrastructure of the Russian Beeline.
“This attack is a big warning not only for Ukraine, but for the entire Western world, so that they understand that in fact no one is untouchable,” Vityuk said.
A large-scale disruption in the work of the largest Ukrainian operator Kyivstar occurred on December 12, 2023. Its consequence was infrastructure problems throughout the country: many subscribers were left without communication, ATMs began to turn off in cities, and the air raid warning system stopped working in Sumy.
The outage continued for several days. By December 15, most subscribers had voice communications and the Internet again, but Kyivstar fully restored service only by December 20.
Responsibility for the cyber attack on Kyivstar took hacker group “Solntsepek” took over. The SBU connects her with the Main Directorate of the General Staff of the Russian Armed Forces (GRU).
2024-01-04 09:38:00
#Reuters #Russian #hackers #penetrated #systems #Kyivstar #operator #months #cyberattack #Meduza