SSU thwarted new cyberattacks by Russian hackers on “Kyivstar”

Chief of the SSU Cybersecurity Department Ilya Vityuk revealed this in an interview with Reuters.

“The SSU not only assisted ‘Kyivstar’ in restoring operations within a few days but also repelled new cyberattacks. After the extensive breach, we prevented a series of attempts to cause even more significant harm to the operator. The enemy planned to deliver multiple consecutive strikes to leave people without communication for as long as possible. In such a case, other operators might not withstand the prolonged overload of their networks,” he said.

The SSU continues to investigate the massive hacker attack on the Kyivstar network under several articles of the Criminal Code of Ukraine. Vityuk mentioned that cybersecurity specialists of the SSU are currently analyzing specific samples of malicious software used by the attackers. The attack had been meticulously prepared over several months.

At present, it is known that the Sandworm hacker group is behind this attack. Sandworm is a regular unit of Russian military intelligence and has previously carried out cyberattacks on Ukrainian targets, including communication and internet service providers.

SSU investigators found that hackers likely attempted to infiltrate Kyivstar in March 2023 or earlier and had been in the system since at least May. Vityuk stated, “I cannot say now when they had full access. Probably, at least since November.”

Ilya Vityuk emphasized that this cyberattack significantly affected the civilian population but fortunately did not have a serious impact on military communications, as the Defense Forces use different communication algorithms and protocols. He also added that immediately after the incident, a response team and an operational-investigative group from the SSU were dispatched to the company’s offices to document and investigate all circumstances of the attack.

On the morning of December 12, “Kyivstar” subscribers began to complain about disruptions in the mobile operator’s services. Later, the CEO of the company, Oleksandr Komarov, announced that “Kyivstar” had become the target of a powerful hacker attack, resulting in almost three days of unavailability of all services for subscribers.

During the cyberattack, hackers managed to destroy 40% of the infrastructure of the mobile operator “Kyivstar.” The virtual layer of the network suffered the most significant impact.

Subscribers of “Kyivstar” were unable to roam on other operators' networks because internal roaming was blocked to prevent network overload.

On December 20, the largest Ukrainian telecommunications operator restored all services both within Ukraine and internationally. Currently, “Kyivstar” is operating without any restrictions.

Later on, Ukrainians were warned that hackers from Russia continue to exploit the aftermath of the “Kyivstar” outage to spread malicious software.


Бичек Станіслав
