The Russian hackers responsible for the cyberattack on Kyivstar, the largest telecom operator in Ukraine, were inside its infrastructure for months before the December hack took place, according to Ukraine’s top cyber official.
The attack, which began on Dec. 12, left more than 24.3 million Kyivstar customers without phone reception and internet access. The head of the Security Service of Ukraine’s cybersecurity department, Illia Vitiuk, said that there’s a good chance that Russian military intelligence cyberwarfare unit Sandworm was behind the cyberattack.
Vitiuk described it as “a big message, a big warning, not only to Ukraine but for the whole Western world to understand that no one is actually untouchable.” He explained the attacks wiped “almost everything,” including thousands of personal computers and virtual servers, noting that Kyivstar is a leading private company in the industry that has spent a significant amount to boost cybersecurity.
“For now, we can securely say that they were in the system at least since May 2023,” Vitiuk said. “I cannot say right now, since what time they had … full access: probably at least since November.”
Ukraine’s security service (SBU), one of the organizations investigating the hack, said the hackers may have stolen a plethora of data, including personal information, SMS messages, Telegram accounts, and even information about the locations of the phones. So far, no personal or subscriber data has been leaked, according to Kyivstar.
“After the major break there were a number of new attempts aimed at dealing more damage to the operator,” Vitiuk said, explaining that Kyivstar was able to restore its systems and successfully fend off subsequent cyberattacks with the help of the SBU in the following days.
The attacks didn’t affect Ukraine’s military forces as they use “different algorithms and protocols,” according to Vitiuk.
“Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn’t affect us strongly,” he added.