Defense News ,Russia & Ukraine War :-
Ukraine cybersecurity chief, Illia Vitiuk, revealed that Russian
hackers infiltrated the systems of Kyivstar, Ukraine largest telecoms
operator, in a cyberattack that should serve as a stark warning to the
Western world, according to an interview with Reuters. The attack,
occurring from at least May the previous year, disrupted services for 24
million users for several days starting on December 12, making it one
of the most significant incidents since Russia invasion two years
prior.
In the interview, Vitiuk described the hack as causing
"disastrous" destruction, with the primary goals of delivering a
psychological blow and gathering intelligence. He emphasized that the
attack sends a clear message that no one is untouchable, even wealthy
private companies like Kyivstar, which heavily invested in
cybersecurity.
The cyberattack wiped out a substantial portion of
Kyivstar infrastructure, including thousands of virtual servers and
PCs, marking it as possibly the first example of a destructive
cyberattack that completely dismantled the core of a telecoms operator.
The investigation by Ukraine Security Service (SBU) revealed that the
hackers likely attempted to breach Kyivstar as early as March, with
confirmed access to the system since at least May 2023, and possibly
full access since November.
The SBU assessed that the hackers
could have stolen personal information, intercepted SMS messages, and
potentially compromised Telegram accounts, given the level of access
they obtained. Despite the attack, a Kyivstar spokesperson reassured
that no personal or subscriber data leakage had been identified, and the
company was cooperating with the SBU to investigate the incident.
Vitiuk
commended the SBU efforts in swiftly restoring Kyivstar systems and
fending off subsequent cyberattacks. He highlighted the widespread
impact on users, with long queues forming as people rushed to buy
alternative SIM cards. The attack disrupted services like ATMs using
Kyivstar SIM cards, and the air-raid siren malfunctioned in some
regions.
The investigation faces challenges due to the extensive
wiping of Kyivstar infrastructure. Vitiuk speculated that the
cyberwarfare unit Sandworm, linked to Russian military intelligence, was
likely behind the attack. This group, affiliated with Solntsepyok,
claimed responsibility for the incident.
The motives behind the
attack remain unclear, with Vitiuk suggesting that similarities between
Kyivstar and the Russian mobile operator Beeline might have made the
former an attractive target. The destruction commenced at a strategic
time, coinciding with Ukrainian President Volodymyr Zelenskiy visit to
Washington. Despite the substantial impact on communication services,
the attack was not accompanied by a major missile or drone strike,
limiting its overall impact and relinquishing a powerful
intelligence-gathering tool. The timing of the attack on December 12
remains a mystery.
——— End of Article ———
