In December 2023 [1] [3] [5], Ukraine’s largest mobile network carrier [5], Kyivstar [1] [2] [3] [4] [5] [6] [7], experienced a significant cyberattack orchestrated by the Russian military intelligence cyberwarfare unit known as Sandworm [1]. This attack resulted in a technical failure, causing disruptions to phone and internet services for approximately 24 million users. The hackers were able to gain full access to Kyivstar’s systems, potentially compromising personal information and intercepting communications. While the impact on Kyivstar was substantial, Ukraine’s military was minimally affected [1].

Description

The cyberattack on Kyivstar [6] [7], carried out by the Russian military intelligence unit Sandworm, occurred in December 2023 [2] [6]. As a result, phone and internet services for around 24 million users were disrupted for several days. The hackers were able to infiltrate Kyivstar’s systems, potentially gaining access to personal information, tracking phone locations [1], intercepting SMS messages [1], and compromising Telegram accounts [1]. Despite the significant impact on Kyivstar [1], Ukraine’s military remained largely unaffected.

The Security Service of Ukraine (SSU) Cyber Security Department successfully thwarted over 4,500 major cyberattacks on governmental bodies and critical infrastructure in the previous year. The SBU [1] [3] [7], Ukraine’s Security Service [1] [3] [5] [6] [7], played a crucial role in helping Kyivstar restore its systems and defend against new cyberattacks. It is currently investigating the hack and has identified the use of malicious software by the enemy. Sandworm [1] [2] [3] [5] [6] [7], a unit of Russian military intelligence [3] [5] [6] [7], has previously targeted Ukrainian telecom operators and Internet providers [3]. Since the invasion began [3] [6], the SBU has detected approximately 9,000 cyberattacks on government resources and critical infrastructure in Ukraine [3].

Kyivstar’s CEO announced that all services have been fully restored [1]. However, the exact date of the attack and the motivations behind it remain uncertain, raising ongoing concerns about cybersecurity. The Ukraine Security Service (SBU) has claimed that Russia is planning further cyberattacks on Kyivstar [7], the country’s largest telecom provider [7]. The SBU alleges that the enemy planned multiple consecutive strikes to keep people disconnected for as long as possible [7]. While the cyberattack mainly affected civilians [7], it did not have a significant impact on military communications [7], as soldiers use different communication algorithms and protocols [7].

Conclusion

The cyberattack on Kyivstar had a significant impact on phone and internet services, disrupting the lives of approximately 24 million users [1]. The Security Service of Ukraine played a crucial role in mitigating the attack and assisting Kyivstar in restoring its systems. However, the ongoing concerns about cybersecurity and the potential for future cyberattacks highlight the need for continued vigilance and investment in robust defense mechanisms. The attack serves as a reminder of the importance of maintaining strong cybersecurity measures to protect critical infrastructure and personal information.

References

[1] https://news.abplive.com/technology/russian-hackers-were-inside-ukraine-s-largest-telecoms-operator-for-months-cybersecurity-chief-says-kyivstar-sandworm-1654298
[2] https://www.politico.eu/article/ukraines-cyber-spy-chief-vitiuk-says-russia-hackers-penetrated-kyvstarg-telecoms-system-for-months/
[3] https://en.interfax.com.ua/news/general/958469.html
[4] https://news.yahoo.com/russian-hackers-infiltrated-kyivstars-system-090110316.html
[5] https://www.infosecurity-magazine.com/news/ukraine-russian-sandworm-kyivstar/
[6] https://www.bankinfosecurity.com/russian-sandworm-group-snooped-kyivstar-networks-for-months-a-24027
[7] https://apnews.com/article/russia-ukraine-war-missiles-crimea-cyberattack-d44099272ac424081df3a81c3a042087