“We faced a significant cyberattack at Kyivstar, largest telecom operator of Ukraine, starting from at least May last year,” shared Illia Vitiuk, head of the Security Service of Ukraine’s (SBU) cybersecurity department.
“This attack served as a big warning to the West, causing disastrous destruction and aiming to land a psychological blow while gathering intelligence,” he added during a recent interview.
The attack, one of the most dramatic since Russia’s invasion two years ago, disrupted services for around 24 million users for several days from Dec. 12.
Vitiuk emphasized that it should be a wake-up call for the entire Western world, highlighting that no one is untouchable in the realm of cyber threats. The cyber spy chief revealed exclusive details about the hack, describing it as probably the first example of a destructive cyberattack that completely destroyed the core of a telecoms operator.
He pointed out that Kyivstar, a wealthy private company, had invested significantly in cybersecurity. Vitiuk suggested that the attack was orchestrated by Sandworm, a Russian military intelligence cyberwarfare unit linked to previous cyberattacks in Ukraine.
Investigating the attack is challenging due to the wiping of Kyivstar’s infrastructure, but Vitiuk expressed confidence in the SBU’s efforts to analyze recovered malware samples. Despite the widespread impact on communication services, he noted that the attack had no major impact on Ukraine’s military, which relies on different algorithms and protocols.
The cyberattack also revealed vulnerabilities in critical infrastructure, with queues forming as people rushed to buy alternative SIM cards, impacting services like ATMs and air-raid sirens. Vitiuk commended the SBU’s incident response efforts, highlighting the successful restoration of Kyivstar’s services by Dec. 20. He mentioned that similarities between Kyivstar and Russian mobile operator Beeline might have made the attack easier, and the insider who assisted the hackers likely did not have high-level clearance within the company.
Despite the destruction, the attack did not include a major missile or drone strike, limiting its impact during a crucial time. The motive behind the choice of Dec. 12 remains unclear, with Vitiuk speculating that it might have been an individual seeking recognition or advancement.”
Interesting Article : Securing Networks : Ivanti Resonds Swiftly To Zero-Day Exploits