Russian hackers breach Ukraine's largest telecom

Russian hackers had been inside Kyivstar, Ukraine's telecom giant, since at least May last year, an intrusion that stands as a significant warning to the West, Ukraine's chief cyber intelligence officer revealed. This attack, one of the most severe since Russia's full-scale invasion two years ago, disrupted services for Kyivstar's 24 million users for several days starting December 12.

Publication: 04.01.2024 - 13:09

Illia Vitiuk, head of Ukraine's SBU cybersecurity department, described the attack's disastrous impact in an interview and said it aimed both to have a psychological effect and to gather intelligence. Vitiuk noted that Kyivstar, a well-funded private company, had heavily invested in cybersecurity, underscoring the attack's severity.

The hackers likely began their infiltration as early as March, Vitiuk disclosed in a December 27 Zoom interview. "We confirmed their presence in the system by May 2023," he said, adding that full access was probable by November. This access enabled them to potentially intercept SMS messages, steal personal data, and compromise Telegram accounts.

A Kyivstar spokesperson reported the company's collaboration with the SBU in investigating the attack and mitigating future risks. There were no confirmed data leaks.

The SBU assisted Kyivstar in swiftly restoring its systems and repelling subsequent attacks. Kyivstar is crucial for communication, especially during emergencies, serving as the primary telecom operator for 1.1 million Ukrainians in remote areas.

The attack reportedly had minimal impact on Ukraine's military, which uses different communication protocols and algorithms, including for drone and missile detection systems.

Vitiuk suspects Russian military intelligence cyberwarfare unit Sandworm orchestrated the attack. He recalled a similar incident a year ago, where the SBU detected Sandworm's infiltration of another Ukrainian telecom operator.

In 2022, the SBU countered over 4,500 cyberattacks on Ukrainian government bodies and critical infrastructure. Solntsepyok, a group linked to Sandworm, claimed responsibility for the Kyivstar attack.

Investigations continue to determine the exact method of entry into Kyivstar's network, with phishing, internal assistance, or other methods considered. Analyzed malware samples could further elucidate the breach.

Kyivstar CEO Oleksandr Komarov announced the full restoration of services nationwide on December 20, with Vitiuk commending the SBU's effective response.

Vitiuk speculated that Kyivstar's vulnerability might stem from its similarity to Russia's Beeline mobile operator, which has a similar infrastructure. This familiarity could have eased the hackers' navigation through Kyivstar's network.

The attack, which coincided with Ukrainian President Volodymyr Zelenskiy's visit to Washington, was not accompanied by a significant missile or drone strike, possibly limiting its impact while sacrificing a key intelligence tool. Why the attack was timed for December 12 remains unclear, with Vitiuk quipping, "Maybe some colonel wanted to become a general."