The mobile operator "Kyivstar" does not confirm the information about the months-long access of hackers to the personal data of subscribers, company spokeswoman Iryna Lelichenko reported on Facebook.
"Since there are new and new rumors and different interpretations of previously made comments regarding the cyberattack on the Kyivstar network, as the spokesperson of the company, I must clarify the current situation. "Kyivstar does not confirm the information about the allegedly months-long access by hackers "inside" the company to subscribersʼ personal data and their leakage," she wrote.
Lelichenko noted that the official investigation into the cyberattack is still ongoing, and various versions are being considered and voiced. "However, until the official conclusion of the investigation, none of them can be considered final," she added.
No evidence of leakage of personal data of subscribers was found during the investigation, she noted.
Lelichenko published a statement after the release of the Security Service of Ukraine from an interview with the head of the cyber security department of the SBU Ilya Vityuk for Reuters. The agency, citing Vityukʼs words, wrote that the hackers had been preparing for the attack for several months, tried to break into Kyivstar in March 2023, and had been in the system since at least May. Vityuk said in an interview that the leak of subscribersʼ personal data was not detected, so Lelichenko obviously reacted to criticism on social networks.
In the SBU release regarding the interview, Vityukʼs words about infiltration in March and May are not at all, although they are in the Reuters material.
What happened to "Kyivstar"
On December 12, the operator "Kyivstar" suffered a large-scale hacker attack, as a result of which subscribers lost their connection and the Internet. The Russian group Solntsepek claimed responsibility for the attack. The SBU stated that it was connected to the Russian Main Intelligence Directorate.The SBU started an investigation under eight articles, including sabotage and treason.
Oleksandr Komarov, general director of "Kyivstar", said that the hacker attack was very powerful. Part of the virtual IT infrastructure is destroyed. Hackers partially achieved their goal.
On December 13, "Kyivstar" subscribers were blocked from accessing national roaming in order not to overload other networks. There were also difficulties in the operation of the banking system, in particular, in the operation of POS terminals.
On the same day, the president of "Kyivstar" admitted that hackers broke the companyʼs security through the account of one of the employees. According to Oleksandr Komarov, this attack is "not a matter of technology", but of the fact that in any organization there can be people who "conditionally point Russian missiles or give away their passwords, because social engineers work well".
On December 20 , Kyivstar resumed all services in Ukraine and abroad. Also , "Kyivstar" canceled the following tariff fee for some users.
On December 22, Komarov said that hackers destroyed 40% of Kyivstarʼs infrastructure. The biggest impact was on the virtual layer of the network. He added that the attack was quite unique. About a thousand people were involved in the recovery operation.