Russian hackers have been in Kyivstarʼs system since at least May of last year. The hacking of the companyʼs system became a warning not only for Ukraine, but also for other countries.
This was reported by the head of the Cyber Security Department of the SBU, Ilya Vityuk, in an interview with the international agency Reuters.
In December 2023, "Kyivstar" stopped working for several days due to a hacker attack. At that time, approximately 24 million users remained without communication, some ATMs and retail outlets did not work.
"The SBU not only helped Kyivstar resume work in a few days, and also repelled new cyber attacks. After a large-scale breach, we prevented a series of attempts to cause even more damage to the operator. The enemy planned several strikes in a row to leave people without communication for as long as possible. In such a case, other operators could not withstand prolonged overloading of their networks," Ilya Vityuk said.
According to Vityuk, the attack could be the first in the world when hackers managed to completely destroy the backbone network of a cellular operator — the centralized network responsible for providing basic services and coordinating their work. The attack was aimed at the collection of intelligence data and the task of psychological attack, the leak of personal data of users was not detected at the time.
The SBU investigation found that the hackers probably tried to break into Kyivstar in March 2023 or earlier, and had been in the system since at least May.
“I canʼt say now since when they had full access. Probably, at least since November," Vytyuk said.
A representative of the SBU says that after a significant break, there were several attempts aimed at inflicting more damage on "Kyivstar", but the special service helped repel new cyber attacks. The attack did not have much impact on the army, as the fighters use "different algorithms and protocols".
Ilya Vityuk confirmed that the hacker group Sandworm is behind this attack, which is a full-time unit of Russian military intelligence and has previously repeatedly carried out cyber attacks on Ukrainian objects, in particular on communication operators and Internet providers.
- In general, according to Ilya Vityuk, since the beginning of the full-scale invasion, the Security Service has carried out almost 9,000 cyber attacks on state resources and objects of critical infrastructure of Ukraine.