Russian Cyberstrike: Ukrainian Telecom Faces Devastation and Espionage

Executive Summary

Illia Vitiuk, head of the Security Service of Ukraine’s (SBU) cybersecurity department, recently revealed significant details about a cyberattack on Kyivstar, Ukraine’s largest telecom operator. The attack is one of the many cyberattacks conducted by Russia against Ukraine.

The attack, starting on 12 December 2023, caused service outages and extensive IT infrastructure damage. Russian hackers had been in the system since at least May 2023. The attack disrupted services for millions, affecting vital communications and air raid alert systems. Vitiuk described the attack as a major psychological and intelligence-gathering blow, marking it as a profoundly destructive event in cybersecurity history.

Vitiuk stated that the pattern of behaviour indicated that Russian hackers could continue to target telecom operators. He mentioned that the SBU successfully prevented more than 4,500 significant cyberattacks on Ukrainian governmental bodies and critical infrastructure in the previous year.

The Attack

The Russian cyberattack on Kyivstar began on 12 December 2023 and quickly escalated into one of the most significant disruptions in recent times. Kyivstar, catering to more than half of Ukraine’s population with mobile and home internet services, faced a complete service shutdown. This not only caused communication breakdowns for millions of Ukrainians but also had a severe impact on critical services.

Key systems, including air raid alert mechanisms in parts of Kyiv, were compromised, posing a direct risk to civilian safety during potential air assaults. The attack severely damaged Kyivstar’s IT infrastructure, wiping out thousands of virtual servers and PCs. It disrupted not only the telecom services but also affected ATMs and emergency services relying on Kyivstar’s network.

The timing of the attack coincided with Ukrainian President Volodymyr Zelenskiy’s visit to Washington, highlighting its strategic nature.

The Response

In response to the attack, Kyivstar and the SBU acted swiftly. They focused on restoring services and securing the network against further breaches. Kyivstar kept the public informed through regular updates. The company’s CEO, Oleksandr Komarov, announced on national television the significant damage to their infrastructure and the steps taken to counter the cyberattack.

By 20 December, Komarov confirmed that Kyivstar had fully restored all its services across the country. He praised the coordinated efforts with the SBU, highlighting their crucial role in the swift recovery. The SBU also successfully repelled subsequent attack attempts.

Additionally, Kyivstar reassured its users by confirming that there was no evidence of personal and subscriber data leakage. The company pledged to continue working closely with the SBU to investigate the attack thoroughly and implement necessary measures to prevent future risks.

Threat Actors Behind the Attack

Based on the investigation, Vitiuk states that he is “pretty sure” that the attacker was a group called Sandworm. Sandworm is believed to be a Russian military intelligence cyber warfare unit affiliated with Solntsepyok.

Solntsepyok, which claimed responsibility for the attack, stated that they targeted Kyivstar because the company provides communications to the Ukrainian Armed Forces, state bodies, and Ukraine’s security forces.

This suggests a strategic motive to disrupt communications and gather intelligence. Additionally, this cyberattack has been linked to broader geopolitical tensions and the ongoing conflict between Russia and Ukraine. Furthermore, the nature of the attack, which involved surveillance and data gathering, indicates a motive for espionage and intelligence collection.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.