Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant

https://www.cysecurity.news/2024/01/prior-to-cyber-attack-russian-attackers.html

Kyivstar experienced a large-scale malfunction in December 2023, resulting in the outage of mobile communications and the internet for about 24 million users for several days. 

How? Russian hackers broke into the Ukrainian telecommunications giant’s system in May 2023. Ilya Vityuk, the chief of the Security Service of Ukraine’s (SBU) cyber security department, told Reuters that the attack’s aim was to inflict a psychological blow on the public and to gather intelligence.

“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” stated Vityuk. He said that the attack destroyed “almost everything”, including hundreds of virtual servers and PCs.

Reuters writes this is most likely the first instance of a catastrophic cyberattack that destroyed a telecoms operator’s core. This happened despite Kyivstar’s significant investment in cyber security. The SBU discovered that hackers attempted to break into Kyivstar in March or earlier. 

“Now we can say [with certainty] that they were in the system at least since May 2023,” Vityuk added. “I cannot say right now, from when they had… full access: probably at least since November.” 

He leaves open the possibility that during the attack, Russian hackers may have located phones, intercepted SMS messages, stolen personal information, and possibly stolen Telegram accounts.

Kyivstar disputes the SBU’s assessment of potential breaches, claiming that customer data was not exposed. The SBU further revealed that, even after the provider’s operations were resumed, attempts to launch additional cyber attacks to inflict greater harm continued.

The damage to the provider’s system makes it difficult to investigate the situation at this time. However, the SBU thinks that the Sandworm hacking group, a cyberwarfare unit of Russian military intelligence, may have been responsible for the attack.

According to Vityuk, SBU investigators are still trying to figure out how Kyivstar was hacked and what kind of tools or software might have been used to get inside the system. They also indicated that it might have been phishing, insider help, or something else entirely. 

Vityuk claims that because the Ukrainian Armed Forces (AFU) employ “different algorithms and protocols” and do not depend on consumer-level communication carriers, the cyberattack had no effect on them. 

“Fortunately, this incident didn’t have a significant impact on us in terms of missile and drone detection,” he concluded. The SBU warns that there’s a chance that Russian hackers might try to attack Ukrainian cell operators again.