Kyivstar Cyber-Attack Unravelled: All the Intel We’ve Gathered So Far.

December 14, 2023
  • Major Ukrainian telecommunications operator, Kyivstar, has fallen victim to a large-scale cyber-attack that left millions without mobile and internet services.
  • Russian hacker collective, Solntsepek, claimed responsibility for the attack, stating their aim was to disrupt communications for the Armed Forces of Ukraine.

The cyber-attack on Kyivstar, Ukraine’s main telecommunications provider, has left approximately 24.3 million people without a mobile signal. This situation has severe implications as many Ukrainians rely on their mobile phones for updates on air raid alerts and Russian attack information. The attack also led to nationwide issues with credit card payments, ATM functionality, and automatic street lighting control.

According to Kyivstar CEO Oleksandr Komarov, the attack was a “well-planned and professional” act from both a cyber and telecoms standpoint. The hackers exploited a “perimeter vulnerability,” inflicting significant damage to Kyivstar’s IT infrastructure. Komarov has expressed optimism about restoring normal services but emphasized the need to ensure no vulnerabilities are left open during the recovery process.

Russia is suspected of being behind the attack, and a Russian hacker group called Solntsepek has claimed responsibility for it. The group said its intent was to disrupt communications for the Armed Forces of Ukraine, as well as government and law enforcement agencies. It also claimed to have destroyed a large number of computers and servers, an assertion Kyivstar has refuted.

In response to the attack, Ukraine’s SBU security service has opened a criminal investigation and sent agents to Kyivstar’s offices. While the attack has inconvenienced civilians, Kyivstar spokesman Volodymyr Fityo confirmed the land forces’ operations remain untouched.

Although the exact motivations behind the attack remain unclear, Kyivstar’s exit from Russia and its critical infrastructure status have been suggested as possible reasons. Recent diplomatic engagements such as President Zelensky’s U.S. visit could also have provoked the assault.
