Russian Hackers Infiltrated Ukrainian Telecom Giant For Months

Penka Hristovska
Penka Hristovska Senior Editor
Penka Hristovska Penka Hristovska Senior Editor

The Russian hackers responsible for the cyberattack on Kyivstar, the largest telecom operator in Ukraine, were inside its infrastructure for months before the December hack took place, according to Ukraine’s top cyber official.

The attack, which began on Dec. 12, left more than 24.3 million Kyivstar customers without phone reception and internet access. The head of the Security Service of Ukraine’s cybersecurity department, llia Vitiuk, said that there’s a good chance that Russian military intelligence cyberwarfare unit Sandworm was behind the cyberattack.

Vitiuk described it as “a big message, a big warning, not only to Ukraine but for the whole Western world to understand that no one is actually untouchable.” He explained the attacks wiped “almost everything,” including thousands of personal computers and virtual servers, noting that Kyivstar is a leading private company in the industry that has spent a significant amount to boost cybersecurity.

“For now, we can securely say that they were in the system at least since May 2023,” Vitiuk said. “I cannot say right now, since what time they had … full access: probably at least since November.”

Ukraine’s security service (SBU), one of the organizations investigating the hack, said the hackers may have stolen a plethora of data, including personal information, SMS messages, Telegram accounts, and even information about the locations of the phones. So far, no personal or subscriber data has been leaked, according to Kyivstar.

“After the major break there were a number of new attempts aimed at dealing more damage to the operator,” Vitiuk said, explaining that Kyivstar was able to restore its systems and successfully fend off subsequent cyber attacks with the help of SBU in the following days.

The attacks didn’t affect Ukraine’s military forces as they use “different algorithms and protocols,” according to Vitiuk.

“Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn’t affect us strongly,” he added.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.