Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns

If Ukraine's core telephone network can be taken out, organizations in the West could easily be next, Ukraine's SBU chief says.


This article was originally published on Dark Reading.

December's cyberattack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actors dealt a catastrophic blow to the wealthy, privately-owned company, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department. In a new interview, he issued a warning to organizations across the West — they could be next.

The breach by Russian-backed threat actors, who Vitiuk said investigators suspect are linked to the group Sandworm, blacked out communications for more than 24 million Kyivstar users across Ukraine for about four days, starting Dec. 12. Vitiuk said the threat actors likely had access to Kyivstar systems since May 2023, were able to wipe "almost everything," and "completely destroyed the core of a telecoms operator."

"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," Vitiuk said.

Kyivstar Breach an Insider Job?

Besides causing communications chaos across Ukraine, the cyberattackers were able to exfiltrate loads of personal data about Kyivstar users, including device location data, SMS messages, and, potentially, data that could lead to Telegram account takeover, Vitiuk said. Ukraine's military activities were not impacted in the Kyivstar cyberattack, he added.


Investigations into the Kyivstar breach revealed the threat group was able to gain initial access through a company insider, Vitiuk said.

Vitiuk also noted that analysis of malware samples from the cyberattack is ongoing.

By Dec. 20, Kyivstar's operations were fully recovered with the help of the SBU. Around the same time, Ukraine retaliated with a cyberattack on Moscow-based water utility Rosvodokanal that reportedly demolished the organization's IT infrastructure.


About the Authors

Becky Bracken

Editor, Dark Reading

Experienced journalist, writer, editor and media professional.

https://www.darkreading.com/

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.
