Skip to content
Edit post

SBU: Ukraine gathers evidence for ICC on Russian GRU hackers behind Kyivstar cyberattack

by Martin Fornusek April 4, 2024 10:17 AM 2 min read
A woman walks by a Kyivstar store in Kyiv on Dec. 12, 2023. (Sergei Chuzavkov/AFP via Getty Images)
This audio is created with AI assistance

The Security Service of Ukraine (SBU) is gathering evidence on Russian intelligence hackers who were behind last December's attack on Kyivstar and will pass the materials to the International Criminal Court (ICC), SBU cybersecurity chief Illia Vitiuk said in an interview with Ukrinform published on April 4.

Ukraine came under a massive cyberattack in December 2023 that targeted Kyivstar, the country's leading telecommunications provider. People across the country reported internet and network outages, as well as issues with air raid alerts.

The SBU linked the attack to SandWorm, which is reportedly "a full-time unit" of Russia's military intelligence agency, the GRU. Vitiuk said Ukraine had identified SandWorm through their specific "handwriting" and "specially created software products" used to download files.

Shortly after the cyberattack, a Russian hacker group, Solntsepek, claimed responsibility for the attack. Ukraine's security service linked Solntsepek to the aforementioned SandWorm.

"We need to conduct a series of examinations on suffered losses and the affected systems. After all, information from a large number of virtual and physical servers were destroyed, and many computers were wiped completely," the SBU cybersecurity chief said when asked about the progress of the investigation.

"We made requests to our international partners and intelligence services to obtain certain information," he added.

According to the SBU official, Ukraine will soon announce official charges based on collected evidence, which will be referred to the ICC in The Hague.

Visit KI Insights to learn more and subscribe to the insider weekly newsletter
visit ki insights

VEON, the Dutch telecommunications operator and Kyivstar's parent company, said that the damages of the cyberattack amounted to Hr 3.6 billion ($93 million).

The losses stemmed from costs incurred restoring services, replacing lost equipment, or compensating external consultants and partners.

Vitiuk also said that the same hackers who were behind the Kyivstar cyberattack attempted many times to break into the communications systems of Ukraine's Armed Forces and the Defense Ministry.

"But we thwarted these attempts," he added.

According to Vitiuk, SandWorm attempted to target 1,700 Ukrainian devices in an attempt to infect Ukraine's military software, "Kropyva" (Nettle), since the start of the full-scale war. The hackers used seven different types of malware in these attempts, he added.

While GRU's SandWorm focuses on attacks against telecommunications, Internet providers, and the energy sector, Russia has other cyber warfare units, Vitiuk explained.

Groups working for Russia's Federal Security Service (FSB) include Armageddon, which is focused on computer viruses and phishing emails, as well as Turla or Dragonfly.

SBU cybersecurity chief: Hackers had access to Kyivstar months before December attack
Russian hackers likely penetrated Kyivstar’s cybersecurity as far back as May 2023, and gained full access in November, said Illia Vitiuk, the cybersecurity chief of the Security Service of Ukraine (SBU).

News Feed

5:15 AM

Media identifies nearly 85,000 Russian soldiers killed in Ukraine.

According to the outlets' conclusions for the year, 2024 will likely mark the "war's deadliest year," with a current count of over 20,000 deaths confirmed over the past 12 months — although final conclusions cannot yet be made as data on casualties continues to emerge.
11:17 PM

Zelensky meets with CIA director in Kyiv.

President Volodymyr Zelensky said on Dec. 21 that he met with CIA Director William Burns in Ukraine, marking a rare public acknowledgment of their discussions during Russia’s full-scale invasion.
4:16 AM

IMF approves $1.1 billion in funding for Ukraine.

The IMF approved the $1.1 billion tranche after completing its sixth review of the Extended Fund Facility (EFF), a plan to provide Ukraine with over $15 billion in budget support over four years.
MORE NEWS

Editors' Picks

Enter your email to subscribe
Please, enter correct email address
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
Subscribe
* indicates required
Subscribe
* indicates required

Subscribe

* indicates required
Subscribe
* indicates required
Subscribe
* indicates required
Explaining Ukraine with Kate Tsurkan
* indicates required
Successfuly subscribed
Thank you for signing up for this newsletter. We’ve sent you a confirmation email.