Russiaʼs GRU may be behind the attack on Kyivstar. The network is planned to resume operation on December 13

Author: Kostia Andreikovets

The Security Service of Ukraine (SBU) is helping the operator "Kyivstar" restore its network after a hacker attack. The SBU reports that today, December 13, "Kyivstar" plans to restore fixed home Internet and to begin bringing mobile communications and the Internet back online.

The process takes time because the attack inflicted critical damage.

Who attacked "Kyivstar"?

The Russian hacking group “Solntsepyok” claimed responsibility for the attack on Kyivstar. SBU claims that it is a subdivision of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (also known as GRU).

On its Telegram channel, the group writes that it allegedly destroyed 10 000 computers, more than 4 000 servers, and all cloud data storage and backup systems. The group explained the attack by saying that the operator supports the Armed Forces of Ukraine, state bodies of Ukraine and law enforcement agencies.

Who are Solntsepyok?

This group has actually been operating as a hacker group since 2023, and this is not the first time it has attacked Ukraine. In 2022, it was engaged in publishing the personal data of Ukrainian activists and journalists, and in 2023 it claimed responsibility for attacks on the local network of the Ministry of Community and Territorial Development, the 24 Channel website, providers such as Gigabit-net and Znet, and the websites "Gordon" and "Public".

The media outlet dev.ua previously analyzed the activities of "Solntsepyok". Its earlier attacks had not done much damage. The sites were quickly restored, customers were still able to access them, and companies such as the Southern Mining and Processing Plant said they had repelled the attacks and were quickly dealing with the damage.

However, the group may be associated with the elite GRU hacker unit “Sandworm”. That unit spread the “NotPetya” virus, which destroyed data on the computers of commercial and government organizations around the world, causing losses of $10 billion in a single act of sabotage.

In 2020, the United States Department of Justice indicted six Russian hackers from Sandworm for cyberattacks in Ukraine, the United States, France, and South Korea. All of them are GRU officers: Yurii Andrienko, Sergei Detistov, Pavel Frolov, Anatoliy Kovalev, Artem Ochichenko, and Petr Pliskin.

All six are believed to be members of Sandworm, which is behind such cyberattacks as “KillDisk” (a 2015 cyberattack on Ukrainian energy companies) and “OlympicDestroyer” (an attack on the 2018 Winter Olympics in South Korea).

  • A large-scale technical failure in the "Kyivstar" network occurred on the morning of December 12. Subscribers cannot switch to other operators through national roaming, and communication and the Internet do not work. There are problems in the operation of some PrivatBank terminals and ATMs. DTEK reported that its contact center numbers in the "Kyivstar" network do not work.
  • On that day, the Security Service opened a case regarding the hacker attack on "Kyivstar" under eight articles. According to one version of the investigation, the Russian special services may be involved in the hacker attack on Kyivstar. Cyber specialists are coordinating the efforts of all government agencies to restore the network as quickly as possible.