Investigating sexual violence as war crimes — "He Came Back"
Our War Crimes Investigations Unit released its new documentary, “He Came Back”. The film is about two cases of sexual violence committed by Russian soldiers during the occupation of Kherson and Kyiv oblasts in 2022 — and the process of identifying the offenders. Watch it on our YouTube channel.
Skip to content
Edit post

SBU cybersecurity chief: Hackers had access to Kyivstar months before December attack

by Nate Ostiller January 4, 2024 11:00 AM 3 min read
A Kyivstar building in Kyiv, Ukraine, on Dec. 25, 2012. (Wikimedia Commons/Maksym Kozlenko)
This audio is created with AI assistance

Support independent journalism in Ukraine. Join us in this fight.

Become a member Support us just once

Russian hackers who shut down Kyivstar had penetrated the company's internal system months before the attack and likely had access to a variety of users' personal data, said Illia Vitiuk, the cybersecurity chief of the Security Service of Ukraine (SBU), in an interview with Reuters published on Jan. 4.

Ukraine came under a massive cyberattack on Dec. 12, which targeted Kyivstar, the largest telecommunications provider, and one of the country's most important banks, Monobank. People across the country reported internet and network outages, as well as issues with air raid alerts.

A Russian hacker group called Solntsepek claimed responsibility for the attack against Kyivstar in a statement published on Telegram on Dec. 13.

Vitiuk said that he was "pretty sure" the attack was carried out by Sandworm, a unit of Russia's military intelligence (GRU), which the SBU has linked to Solntsepek.

Kyivstar CEO Oleksandr Komarov said that hackers had managed to break through the company's cyber security measures through the compromised account of an employee.

The day after the attack, the company denied that any computers or servers had been destroyed and claimed that subscribers' personal data remained safe.

Kyivstar reiterated to Reuters on Jan. 4 that "no facts of leakage of personal and subscriber data have been revealed," adding that the company was cooperating closely with the SBU to investigate the attack.

A Kyivstar spokesperson, Iryna Lelichenko, said on Facebook the same day that "various versions (of how the attack took place) are being considered and voiced, but none of them can be seen as final until the official conclusion of the investigation."

"The cyber attack on the Kyivstar network affected some technological systems responsible for communication, but they were restored within a few days thanks to the professional work of the company's specialists and partners."

According to Lelichenko, Kyivstar has already carried out additional measures for cyber protection, including strengthening access control and implementing additional server and workstation control systems, and is planning further steps to bolster cyber security.

Vitiuk refuted that assertion, saying that the attack wiped "almost everything," which included servers. He added that it was likely one of the first examples of a hacking attack that "completely destroyed the core of a telecoms operator."

Since the hackers had access to Kyivstar servers since May 2023 and full access since November, they could likely have been able to "steal personal information, understand the locations of phones, intercept text messages and perhaps steal Telegram accounts with the level of access they gained."

The attack did not impact Ukraine's military, Vitiuk said, because it has a different cybersecurity configuration and does not rely on private telecoms providers.

He added that it was important not to underestimate the threat posed by such attacks, noting that Kyivstar is a wealthy company with highly developed cybersecurity systems.

"This attack is a big message, a big warning, not only to Ukraine but for the whole Western world to understand that no one is actually untouchable," Vitiuk said.

A complete investigation on how the hackers managed to penetrate Kyivstar's cybersecurity is still ongoing, he said, including analyzing the possibility that there was someone on the inside who assisted in the attack.

Ukraine war latest: 230 Ukrainians freed from Russian captivity in large-scale prisoner exchange
Key developments on Jan. 3: * 230 Ukrainians, POWs and civilians, return home from Russian captivity in largest prisoner exchange since start of full-scale war * NATO-Ukraine Council to hold emergency meeting in response to Russia’s mass strikes on Ukraine, Kuleba says * NATO agrees on deal to b…

Before you skip this banner, we want to tell you something…

The Kyiv Independent doesn’t depend on a wealthy owner or an oligarch — in 2023, 80% of our revenue was from reader contributions . It’s thanks to them that we don’t have to rely on a single owner.

Support us now and help maintain our independent model and keep our articles free for everyone. Your contributions allow us to cover journalists’ salaries, report from the front lines, and fund projects like our War Crimes Investigations Unit.

visa masterCard americanExpress

News Feed

Ukraine Daily
News from Ukraine in your inbox
Ukraine news
Please, enter correct email address
3:36 PM

Putin to visit North Korea, Vietnam this week.

Despite the increasingly strong alliance between Russia and North Korea, Russian President Vladimir Putin has not visited the country since 2000, when he met with previous North Korean leader Kim Jong-Il.
3:33 PM

Magura naval drones can now operate anti-aircraft missiles.

One of the Magura drones has already been equipped with these missiles, creating a serious challenge for the Russian Air Force operating in the region, the commander of the military intelligence Group 13 unit said in an interview with journalist Maksym Krapyvnyi.
MORE NEWS

Editors' Picks

Enter your email to subscribe
Please, enter correct email address
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required

Subscribe

* indicates required
Subscribe
* indicates required

Subscribe

* indicates required
Subscribe
* indicates required

Subscribe

* indicates required
Successfuly subscribed
Thank you for signing up for this newsletter. We’ve sent you a confirmation email.