Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns

This article was originally published on Dark Reading.

December's cyberattack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actors dealt a catastrophic blow to the wealthy, privately-owned company, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department. In a new interview, he issued a warning to organizations across the West — they could be next.

The breach by Russian-backed threat actors, who Vitiuk said investigators suspect are linked to the group Sandworm, managed to black out communications for more than 24 million Kyivstar users across Ukraine for about four days, starting Dec. 12. Vitiuk said the threat actors likely had access to Kyivstar systems since May 2023 and were able to wipe "almost everything" out, and "completely destroyed the core of a telecoms operator," in a new interview.

"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," Vitiuk said.

Kyivstar Breach an Insider Job?

Besides causing communications chaos across Ukraine, the cyberattackers were able to exfiltrate loads of personal data about Kyivstar users, including device location data, SMS messages, and, potentially, data that could lead to Telegram account takeover, Vitiuk said. Ukraine's military activities were not impacted in the Kyivstar cyberattack, he added.

Related:Ransomware, Data Breaches Inundate OT & Industrial Sector

Investigations into the Kyivstar breach revealed the threat group was able to gain initial access through a company insider, Viatuk said.

Vitiuk also noted that analysis of malware samples from the cyberattack is ongoing.

By Dec. 20, Kyivstar's operations were fully recovered with the help of the SBU. Around the same time, Ukraine retaliated with a cyberattack on Moscow-based water utility Rosvodokanal, that reportedly demolished the organization's IT infrastructure.