Ukrainian law enforcement officers identified those involved in the cyber attack on the “Kyivstar” mobile operator in December 2023. The materials in the case are going to be transferred to the International Criminal Court (ICC).
The head of the cyber security department of the Security Service of Ukraine (SBU) Ilya Vityuk told about this in an interview with Ukrinform.
According to him, the SBU established that the hacker group SandWorm was behind the attack on “Kyivstar”. Although at first the Telegram channel called “Solntsepyok” took responsibility, then the group "Joker DPR" made a repost. Vityuk notes that the SBU has long identified both resources as working with Russian intelligence — the GRU.
"They position themselves as voluntary hacker-activists helping the Russian Federation. In fact, this is simply the legalization of the GRU GSH activities. The FSB also has such channels," says the head of the cyber security department of the SBU.
In addition, he notes, law enforcement officers have other evidence, in particular, "a certain handwriting" — specially created software products and infrastructure that hackers used to download files. According to these signs, the SBU connects the attack with SandWorm, which is a military unit of the 74455 GRU.
According to Vityuk, in this criminal proceeding, first of all, it is necessary to conduct a series of examinations regarding damages and affected systems, because the cyber attack destroyed data from a large number of physical and virtual servers. In addition, requests for obtaining the necessary information have already been sent to international partners and special services.
Based on these materials, the SBU will declare suspicions against all members of the SandWorm group, the head of military unit 74455 of the GRU, as well as the leadership of Russian intelligence.
"In our proceedings, we work out the entire vertical: starting from the member of the ART group, its head at the federal level, the profile deputy curator and director of the FSB and the leadership of the Main Directorate of the General Staff of the Ministry of Defense of the Russian Federation," Vityuk said.
Next, the SBU will send the indictment to the court. The materials will also be handed over to the International Criminal Court, as cyberattacks on civilian infrastructure, in particular on communications operators, can be recognized as a war crime, Vityuk notes.
- On December 12, 2023, the operator "Kyivstar" suffered a large-scale hacker attack, as a result of which subscribers lost communication and the Internet. The Russian group “Solntsepyok” claimed responsibility for the attack. At the time, the SBU declared that it was connected to the Russian Main Intelligence Directorate. The SBU started an investigation under eight articles, including sabotage and treason.
- CEO of "Kyivstar" Oleksandr Komarov stated that the hacker attack was very powerful — 40% of the virtual IT infrastructure was destroyed. He later admitted that hackers broke into the companyʼs security through the account of one of the employees.
- On December 20, “Kyivstar” resumed all services in Ukraine and abroad. Also, the operator canceled the following fee according to the tariff for its users. Damages from a cyber attack for the parent company "Kyivstar" Veon reached 3.6 billion hryvnias.