Key points:
- Ukraine suffers second day of telecommunication and internet disruptions following a massive cyberattack.
- The cyberattack was spearheaded by Kremlin-linked groups Killnet and Solntsepek and targeted Ukraine’s largest telecoms service provider – Kyivstar – affecting 24.3 million mobile and over 1.1 million home internet users.
- Critical system outages included air alert systems for missile attacks, necessitating backup alarms while Lviv district experienced disruption to crucial services.
Ukraine is currently faced with significant internet and mobile network outages following an unprecedented cyber attack. The attackers targeted Kyivstar, the nation’s largest telecoms provider, causing disruptions for over 24.3m mobile subscribers and 1.1m home internet users.
The hacking groups responsible for the attack, Killnet and Solntsepek both linked with the Russian government, claimed responsibility for the assault on Ukraine’s telecoms. Killnet suggested they had targeted Ukrainian mobile operators and some banks, while Solntsepek took credit for the destruction of Kyivstar’s 10,000 computers, 4,000+ servers, cloud storage, and backup systems.
The cyberattack had severe implications for essential services in Lviv, Ukraine’s westernmost region. Local authorities had to manually disconnect street lights as internet-dependent automated power switches failed. The disruption also affected businesses nationwide, especially the banking sector, with credit card transactions hindered and many ATMs rendered inoperative.
Another cause for concern was the critical systems affected by the attack. Air alert systems, crucial for warning against incoming missile attacks, were also impacted. This development forced the authorities to resort to backup alarms. Kyivstar’s CEO, Oleksandr Komarov, deemed the cyberattack as unprecedented and described it as one of the most significant compromises on a civilian telecommunications provider, compounding the difficulties Ukraine faces with the ongoing Russia-Ukraine war.
Komarov also suggested that it may take several weeks to restore all additional services. Reports indicated the attack was orchestrated through the infiltration of an internal employee account.
Solntsepek, notorious for its affiliation with the Russian military’s GRU unit-linked “Sandworm” hacking group, has a notorious past of engaging in destructive cyberattacks. The party was associated with the infamous NotPetya worm that caused estimated global damages of $10 billion.
This recent incident underscores the escalating severity of cyber threats experienced by Ukraine and calls for swift, effective actions to protect digital infrastructure.