Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns

If Ukraine's core telephone network can be taken out, organizations in the West could easily be next, Ukraine's SBU chief says.

Russia cyber war concept art
Source: Skorzewiak via Alamy Stock Photo

December's cyberattack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actors dealt a catastrophic blow to the wealthy, privately-owned company, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department. In a new interview, he issued a warning to organizations across the West — they could be next.

The breach by Russian-backed threat actors, who Vitiuk said investigators suspect are linked to the group Sandworm, managed to black out communications for more than 24 million Kyivstar users across Ukraine for about four days, starting Dec. 12. Vitiuk said the threat actors likely had access to Kyivstar systems since May 2023 and were able to wipe "almost everything" out, and "completely destroyed the core of a telecoms operator," in a new interview.

"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," Vitiuk said.

Kyivstar Breach an Insider Job?

Besides causing communications chaos across Ukraine, the cyberattackers were able to exfiltrate loads of personal data about Kyivstar users, including device location data, SMS messages, and, potentially, data that could lead to Telegram account takeover, Vitiuk said. Ukraine's military activities were not impacted in the Kyivstar cyberattack, he added.

Investigations into the Kyivstar breach revealed the threat group was able to gain initial access through a company insider, Viatuk said.

Vitiuk also noted that analysis of malware samples from the cyberattack is ongoing.

By Dec. 20, Kyivstar's operations were fully recovered with the help of the SBU. Around the same time, Ukraine retaliated with a cyberattack on Moscow-based water utility Rosvodokanal, that reportedly demolished the organization's IT infrastructure.

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights