Skip to content
Edit post

SBU cybersecurity chief: Hackers had access to Kyivstar months before December attack

by Nate Ostiller January 4, 2024 11:00 AM 3 min read
A Kyivstar building in Kyiv, Ukraine, on Dec. 25, 2012. (Wikimedia Commons/Maksym Kozlenko)
This audio is created with AI assistance

Russian hackers who shut down Kyivstar had penetrated the company's internal system months before the attack and likely had access to a variety of users' personal data, said Illia Vitiuk, the cybersecurity chief of the Security Service of Ukraine (SBU), in an interview with Reuters published on Jan. 4.

Ukraine came under a massive cyberattack on Dec. 12, which targeted Kyivstar, the largest telecommunications provider, and one of the country's most important banks, Monobank. People across the country reported internet and network outages, as well as issues with air raid alerts.

A Russian hacker group called Solntsepek claimed responsibility for the attack against Kyivstar in a statement published on Telegram on Dec. 13.

Vitiuk said that he was "pretty sure" the attack was carried out by Sandworm, a unit of Russia's military intelligence (GRU), which the SBU has linked to Solntsepek.

Kyivstar CEO Oleksandr Komarov said that hackers had managed to break through the company's cyber security measures through the compromised account of an employee.

The day after the attack, the company denied that any computers or servers had been destroyed and claimed that subscribers' personal data remained safe.

Kyivstar reiterated to Reuters on Jan. 4 that "no facts of leakage of personal and subscriber data have been revealed," adding that the company was cooperating closely with the SBU to investigate the attack.

A Kyivstar spokesperson, Iryna Lelichenko, said on Facebook the same day that "various versions (of how the attack took place) are being considered and voiced, but none of them can be seen as final until the official conclusion of the investigation."

"The cyber attack on the Kyivstar network affected some technological systems responsible for communication, but they were restored within a few days thanks to the professional work of the company's specialists and partners."

According to Lelichenko, Kyivstar has already carried out additional measures for cyber protection, including strengthening access control and implementing additional server and workstation control systems, and is planning further steps to bolster cyber security.

Vitiuk refuted that assertion, saying that the attack wiped "almost everything," which included servers. He added that it was likely one of the first examples of a hacking attack that "completely destroyed the core of a telecoms operator."

Since the hackers had access to Kyivstar servers since May 2023 and full access since November, they could likely have been able to "steal personal information, understand the locations of phones, intercept text messages and perhaps steal Telegram accounts with the level of access they gained."

The attack did not impact Ukraine's military, Vitiuk said, because it has a different cybersecurity configuration and does not rely on private telecoms providers.

He added that it was important not to underestimate the threat posed by such attacks, noting that Kyivstar is a wealthy company with highly developed cybersecurity systems.

"This attack is a big message, a big warning, not only to Ukraine but for the whole Western world to understand that no one is actually untouchable," Vitiuk said.

A complete investigation on how the hackers managed to penetrate Kyivstar's cybersecurity is still ongoing, he said, including analyzing the possibility that there was someone on the inside who assisted in the attack.

Ukraine war latest: 230 Ukrainians freed from Russian captivity in large-scale prisoner exchange
Key developments on Jan. 3: * 230 Ukrainians, POWs and civilians, return home from Russian captivity in largest prisoner exchange since start of full-scale war * NATO-Ukraine Council to hold emergency meeting in response to Russia’s mass strikes on Ukraine, Kuleba says * NATO agrees on deal to b…

News Feed

5:15 AM

Media identifies nearly 85,000 Russian soldiers killed in Ukraine.

According to the outlets' conclusions for the year, 2024 will likely mark the "war's deadliest year," with a current count of over 20,000 deaths confirmed over the past 12 months — although final conclusions cannot yet be made as data on casualties continues to emerge.
11:17 PM

Zelensky meets with CIA director in Kyiv.

President Volodymyr Zelensky said on Dec. 21 that he met with CIA Director William Burns in Ukraine, marking a rare public acknowledgment of their discussions during Russia’s full-scale invasion.
4:16 AM

IMF approves $1.1 billion in funding for Ukraine.

The IMF approved the $1.1 billion tranche after completing its sixth review of the Extended Fund Facility (EFF), a plan to provide Ukraine with over $15 billion in budget support over four years.
MORE NEWS

Editors' Picks

Enter your email to subscribe
Please, enter correct email address
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
Subscribe
* indicates required
Subscribe
* indicates required

Subscribe

* indicates required
Subscribe
* indicates required
Subscribe
* indicates required
Explaining Ukraine with Kate Tsurkan
* indicates required
Successfuly subscribed
Thank you for signing up for this newsletter. We’ve sent you a confirmation email.