Russian hackers had access to "Kyivstar" systems for months, says the SBU
Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters.
The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12.
In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence.
"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said. He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity.
The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator."
During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27.
"For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November."
The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said.
As the IMI reported, the mobile operator "Kyivstar" suffered a large-scale outage on the morning of December 12, 2023. Users could not make calls, send messages, or check their accounts. They also had no Internet access and could not log into the "Kyivstar" app. The company's website was down.
On the same day, "Kyivstar" reported an intense cyber attack that caused the technical failure; the company's IT infrastructure was partially destroyed.
The Security Service of Ukraine opened a case regarding the cyber attack on "Kyivstar". The Russian hacker group Solntsepek has claimed responsibility for the cyberattack on "Kyivstar". According to the SBU, it is a unit of the General Directorate of the Russian Armed Forces' General Staff.
The cyber attack on the national operator "Kyivstar" was a result of an employee's account being compromised.
On December 20, 2023, "Kyivstar" announced that all the basic services affected by the hack had been restored.