Unraveling the Mystery: Kyivstar Cyber-Attack in a Nutshell

December 14, 2023

Key Points:

  • Kyivstar, Ukraine’s main telecommunications operator, has been subjected to a mass cyber-attack, disabling services for approximately 24.3 million people in the country.
  • Kyivstar CEO, Oleksandr Komarov, described the cyberattack as a well-planned and professional assault, and characterized it as an act of cyber warfare against Ukraine’s critical infrastructure.
  • The attack has been attributed to a ‘perimeter vulnerability’. Russia is widely believed to be behind it, because data cable interception showed a lot of Russian-controlled traffic directed at the networks.
  • A Russian hacking collective named ‘Solntsepek’ claimed responsibility for the attack, arguing that Kyivstar was targeted for providing communications to Ukraine’s Armed Forces, government agencies, and law enforcement agencies.
  • Though the cyberstrike has caused inconveniences for civilians, Kyivstar’s spokesman, Volodymyr Fityo, stated that land force operations have not been affected.
  • Kyivstar is working to recover from the attack’s damages, with Komarov indicating a “best-case scenario” for the resumption of services being sometime on Wednesday.

A cyberattack on Tuesday debilitated Kyivstar, Ukraine’s primary telecommunications operator. This incident left approximately 24.3 million people, more than half of the country’s population, without mobile signal and internet services, hampering businesses and individuals that rely on these communication streams. Alongside mobile and internet services, credit card processing in shops, ATM functionalities and street lighting controls were also disrupted as a result of the attack.

CEO Oleksandr Komarov confirmed that Kyivstar had fallen victim to a cyber-attack, the first successful major hack against Ukraine since Russia’s 2022 full-scale invasion. He characterized it as “a well-planned and professional attack” that had taken a significant toll on the company’s infrastructure. Kyivstar’s technicians identified the cause as a perimeter vulnerability that the hackers exploited. Many suspect Russia to be behind the attack, given that data interception patterns heavily featured Russian-controlled traffic towards these networks. Furthermore, the damage caused indicates the involvement of a state actor.

The devastation has been substantial, causing the company to physically disconnect itself from the network. Komarov stated that the firm is now working to resolve the issues caused by the attack and to securely reestablish its network connectivity. Late on Tuesday, the CEO said that the most optimistic scenario for service restoration would be sometime on Wednesday. Komarov remains committed to being transparent with the public and the company’s investors about the current situation and the recovery efforts.

Responsibility for the attack has been claimed on Telegram by the Russian hacker collective Solntsepek. The group justified the attack on the grounds that Kyivstar provides services to various military and governmental bodies within Ukraine. While the group claims to have destroyed a substantial number of computers and servers, Kyivstar denies this. Whether Solntsepek actually carried out the attack is largely irrelevant, considering that Russian hacker groups commonly operate under the direction or approval of the Kremlin.

Despite the disruption caused to civilians, assurances have been given that the operations of Ukraine’s land forces have not been affected by the attack.

It is hard to discern the true motive behind the attack, though it is known that disabling infrastructure and inducing chaos within Ukraine has been an ongoing goal for Russia. Komarov suggests that a range of factors could have contributed to Kyivstar being targeted, such as their exit from Russia, their patriotic position, or their critical infrastructure status.
