Stand behind Ukrainian independent journalism when it’s needed most. Help us reach 20,000 members.

Skip to content
Edit post

SBU cybersecurity chief: Hackers had access to Kyivstar months before December attack

by Nate Ostiller January 4, 2024 11:00 AM 3 min read
A Kyivstar building in Kyiv, Ukraine, on Dec. 25, 2012. (Wikimedia Commons/Maksym Kozlenko)
This audio is created with AI assistance

Russian hackers who shut down Kyivstar had penetrated the company's internal system months before the attack and likely had access to a variety of users' personal data, said Illia Vitiuk, the cybersecurity chief of the Security Service of Ukraine (SBU), in an interview with Reuters published on Jan. 4.

Ukraine came under a massive cyberattack on Dec. 12, which targeted Kyivstar, the largest telecommunications provider, and one of the country's most important banks, Monobank. People across the country reported internet and network outages, as well as issues with air raid alerts.

A Russian hacker group called Solntsepek claimed responsibility for the attack against Kyivstar in a statement published on Telegram on Dec. 13.

Vitiuk said that he was "pretty sure" the attack was carried out by Sandworm, a unit of Russia's military intelligence (GRU), which the SBU has linked to Solntsepek.

Kyivstar CEO Oleksandr Komarov said that hackers had managed to break through the company's cyber security measures through the compromised account of an employee.

The day after the attack, the company denied that any computers or servers had been destroyed and claimed that subscribers' personal data remained safe.

Kyivstar reiterated to Reuters on Jan. 4 that "no facts of leakage of personal and subscriber data have been revealed," adding that the company was cooperating closely with the SBU to investigate the attack.

A Kyivstar spokesperson, Iryna Lelichenko, said on Facebook the same day that "various versions (of how the attack took place) are being considered and voiced, but none of them can be seen as final until the official conclusion of the investigation."

"The cyber attack on the Kyivstar network affected some technological systems responsible for communication, but they were restored within a few days thanks to the professional work of the company's specialists and partners."

According to Lelichenko, Kyivstar has already carried out additional measures for cyber protection, including strengthening access control and implementing additional server and workstation control systems, and is planning further steps to bolster cyber security.

Vitiuk refuted that assertion, saying that the attack wiped "almost everything," which included servers. He added that it was likely one of the first examples of a hacking attack that "completely destroyed the core of a telecoms operator."

Since the hackers had access to Kyivstar servers since May 2023 and full access since November, they could likely have been able to "steal personal information, understand the locations of phones, intercept text messages and perhaps steal Telegram accounts with the level of access they gained."

The attack did not impact Ukraine's military, Vitiuk said, because it has a different cybersecurity configuration and does not rely on private telecoms providers.

He added that it was important not to underestimate the threat posed by such attacks, noting that Kyivstar is a wealthy company with highly developed cybersecurity systems.

"This attack is a big message, a big warning, not only to Ukraine but for the whole Western world to understand that no one is actually untouchable," Vitiuk said.

A complete investigation on how the hackers managed to penetrate Kyivstar's cybersecurity is still ongoing, he said, including analyzing the possibility that there was someone on the inside who assisted in the attack.

Ukraine war latest: 230 Ukrainians freed from Russian captivity in large-scale prisoner exchange
Key developments on Jan. 3: * 230 Ukrainians, POWs and civilians, return home from Russian captivity in largest prisoner exchange since start of full-scale war * NATO-Ukraine Council to hold emergency meeting in response to Russia’s mass strikes on Ukraine, Kuleba says * NATO agrees on deal to b…

Independent journalism needs a community —
not a paywall.

We’re working hard to show the world the truth of Russia’s brutal war — and we’re keeping it free for everyone, because reliable information should be available to all.

Our goal: reach 20,000 members to prove independent journalism can survive without paywalls, billionaires, or compromise. Will you help us do it?

Can we reach 20,000 members?

News Feed

11:51 PM

Trump 'very surprised, disappointed' at Russian attacks on Ukraine amid peace talks.

"I've gotten to see things I was very surprised at. Rockets being shot into cities like Kyiv during a negotiation that was maybe very close to ending," Trump said during a news conference in the Oval Office. "All of a sudden rockets got shot into a couple of cities and people died. I saw thing I was surprised at and I don't like being surprised, so I'm very disappointed in that way."
5:10 PM

All territory will revert to Ukraine, predicts US diplomat.

The Kyiv Independent’s Chris York sits down with Michael Carpenter, former U.S. Ambassador to OSCE and senior director for Europe at the National Security Council, to discuss the current lagging U.S. military support for Ukraine amid the ongoing ceasefire talks with Russia. Carpenter also offers his predictions for the future of Ukraine’s occupied territories.
10:10 AM

Russian attacks against Ukraine kill 7, injure 39 over past day.

Ukrainian forces downed 26 out of the 90 drones, including Shahed-type attack drones, launched by Russia overnight, the Air Force reported. Thirty drones were intercepted by electronic warfare or disappeared from radars without causing any damage, according to the statement.
9:21 AM

NATO expansion 'fair' concern for Putin, Kellogg says.

"And that's one of the issues Russia will bring up... They're also talking about Georgia, they're talking about Moldova, they're talking — obviously — about Ukraine. And we're saying, 'Okay, let's address this comprehensively,'" U.S. President Donald Trump's Special Envoy Keith Kellogg said.
MORE NEWS

Editors' Picks

Enter your email to subscribe
Please, enter correct email address
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
Subscribe
* indicates required
Subscribe
* indicates required

Subscribe

* indicates required
Subscribe
* indicates required
Subscribe
* indicates required
Explaining Ukraine with Kate Tsurkan
* indicates required
Successfuly subscribed
Thank you for signing up for this newsletter. We’ve sent you a confirmation email.