Hackers were in Kyivstar system for six months: details from SBU
The investigation revealed that Russian hackers who attacked the telecommunications giant Kyivstar had access to the system since at least May 2023. A cyberattack on a mobile operator should be a “big warning” to the West.
Ilya Vitiuk, head of the SBU’s cybersecurity department, told Reuters that the Security Service of Ukraine has determined that hackers probably tried to infiltrate Kyivstar in March or earlier. But at the moment, we can confidently say that they have been in the system at least since May 2023.
“I can’t say now how long they have had… full access: probably at least since November,” said Vitiuk.
He called the case of Kyivstar probably the first example of a devastating cyberattack that “completely destroyed the core of a telecommunications operator.” The SBU official added that the attack destroyed “almost everything,” including thousands of virtual servers and PCs.
“This attack is a great message, a great warning not only for Ukraine but for the entire Western world to understand that no one is really untouchable,” the expert emphasized.
According to the SBU, hackers with this level of access were able to steal personal information, understand the location of phones, intercept SMS messages, and possibly gain access to Telegram accounts.
At the same time, it is emphasized that the attack did not have a major impact on the Ukrainian military, which did not rely on telecommunications operators.
However, the investigation of the attack is complicated by the destruction of Kyivstar’s infrastructure. The malware samples have been removed and are currently being analyzed. It is unclear why the hackers chose December 12. Vitiuk is “almost certain” that the attack was carried out by a cyber unit of the Russian military intelligence Sandworm.
The SBU representative said that the pattern of behavior indicates that telecommunications operators may remain a target for Russian hackers. According to him, last year the SBU prevented more than 4,500 major cyberattacks on Ukrainian government agencies and critical infrastructure facilities.
As a reminder, on December 12, the Ukrainian mobile operator Kyivstar experienced a large-scale outage.
Kyivstar subscribers are strongly advised to change their passwords to protect their information.
