Russian hackers target Ukraine’s Kyivstar telecoms giant in major cyberattack

Russian hackers infiltrated the system of Kyivstar, Ukraine’s telecom giant, in a cyberattack in December, according to the head of cybersecurity for Ukraine Illia Vitiuk. He revealed that the attack, attributed to the Russian military intelligence cyberwarfare unit Sandworm, had significant consequences as it caused disruptions to Kyivstar’s services, resulting in over 24.3 million customers losing phone reception. The attack’s implications went beyond the telecoms company, with disruptions also reported by banks and Ukrainians in the country’s eastern war zone left without a connection.

Vitiuk highlighted that the cyberattack wiped out ‘almost everything,’ including numerous virtual servers and PCs, indicating the extensive damage caused by the hackers. The attack’s attribution to Sandworm, a state-sponsored Russian military intelligence cyberwarfare unit known for its involvement in previous cyberattacks in Ukraine and elsewhere, adds to the gravity of the situation.

In a video statement released in December, Kyivstar CEO Oleksandr Komarov acknowledged that the conflict between Ukraine and Russia extends beyond the physical realm to include cyberspace. This recognition reflects the evolving nature of warfare, with cyberattacks becoming increasingly prevalent in contemporary conflicts.

Why does it matter?

Vitiuk disclosed that the hackers had been in Kyivstar’s system since at least May 2023, potentially gaining full access by November. This extended infiltration period showcases the hackers’ sophisticated capabilities and operational strategies. It raises concerns about the vulnerability of critical infrastructure to cyber threats, underscoring the urgent need for robust cybersecurity measures. Attributing the attack to Sandworm underscores the involvement of state-sponsored cyberwarfare units in perpetrating such attacks.