Cyberattack on Ukraine's telecom giant: Russian hackers have been in system at least since May 2023

Ilia Vitiuk, head of the Ukrainian Security Service’s (SBU) cybersecurity department told Reuters.

According to him, the attack caused catastrophic damage to the system and was intended to inflict a psychological blow and obtain intelligence.

"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," Vitiuk said.

He noted that Kyivstar has actually invested heavily in cybersecurity, but the attack destroyed "almost everything," including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that completely destroyed the core of a telecom operator.

During the investigation, the SBU found that the hackers probably tried to infiltrate Kyivstar in March or earlier, Vitiuk said.

"For now, we can say securely that they were in the system at least since May 2023," he said.

The hackers probably gained full access in November.

According to the SBU, the hackers could have stolen personal information, located phones, intercepted SMS messages, and possibly hijacked Telegram accounts.

Vitiuk noted that the SBU helped Kyivstar restore its systems and repel new cyberattacks in a few days.

"After the major break there were a number of new attempts aimed at dealing more damage to the operator," he noted.

Vityuk said he was fairly certain that the attack was carried out by Sandworm, a cyberwarfare unit of Russia's military intelligence that has been linked to cyberattacks in Ukraine and other countries.

A year ago, Sandworm infiltrated the system of a Ukrainian telecommunications operator, but was detected by Kyiv because the SBU itself was in Russian systems, Vitiuk said, declining to name the company. The previous hack had not been reported before.

The SBU is still investigating how the hackers got into Kyivstar's system.

• On the morning of December 12, 2023, Kyivstar users lost mobile communication due to a failure. The company said that the failure was caused by a powerful hacker attack. The SBU opened criminal proceedings under eight articles, including high treason and sabotage.
• Russian hackers from the Solntsepek group claimed responsibility for the cyberattack on Kyivstar. They claimed to have stolen personal data of users.
• Ukraine's Defense Ministry's Main Intelligence Directorate stated that the Russian cyberattack was aimed at civilians and had no impact on the Defense Forces.
• On December 15, Kyivstar restored communication and mobile Internet.