Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Cyberattack Cripples Ukraine’s Largest Telecom Operator

Kyivstar, the largest mobile network operator in Ukraine, was hit by a massive cyberattack on Tuesday, disrupting mobile and internet communications for millions of citizens.

Kyivstar cyberattack

Kyivstar, the largest mobile network operator in Ukraine, was hit by a massive cyberattack on Tuesday, disrupting mobile and internet communications for millions of citizens.

Kyivstar has nearly 25 million mobile subscribers and more than 1 million home internet customers.

Kyivstar CEO Oleksandr Komarov claimed the cyberattack was “a result of” the war with Russia and that the company’s IT infrastructure had been “partially destroyed”.

A system used to send air raid alerts in parts of Kyiv was also impacted.

Kyivstar parent company, Netherlands-based VEON Ltd., confirmed that Kyivstar had been the target of a widespread attack on the morning of December 12, 2023, calling it “one of the largest cyberattacks in the history of the global telecom market.”

“Kyivstar technical teams are working on eliminating the consequences of the hacker attack and restoring communication as soon as possible,” the company said. “They are working in close cooperation with Ukrainian law enforcement agencies to determine the circumstances and consequences of the interference in the Kyivstar network. At the time of this release, the personal data of subscribers has not been compromised, to the best of Kyivstar’s knowledge.”

The company’s main website remains offline at the time of publishing.

The damaging attack appears to be the most impactful event in cyberspace to hit Ukraine since Russia’s invasion in February 2022, when a cyberattack on Viasat crippled communications on the KA-SAT satellite network used by Ukraine’s government and military, also impacting tens of thousands of modems across Europe.

Advertisement. Scroll to continue reading.

“The attack won’t be as damaging to military communications as the VIASAT hack,” noted security researcher Thaddeus Grugq, also known as the Grugq. “Ukraine’s mobile telecommunications systems have been configured for increased resilience to disruption.”

“This sort of attack shapes the battle space and creates conditions that can be exploited,” Grugq continued. “For example, I would think that the front lines and the ISR (intelligence, surveillance, reconnaissance) drone operators will have less bandwidth to communicate with artillery and other support elements. This will decrease their operational capacity and reduce their defensive capabilities.”

The notorious pro-Russia hacker group Killnet claimed responsibility for the attack through a note on Telegram, but without any evidence to support the claim.

“We regard this claim skeptically,” Dan Black, Principal Analyst, Mandiant Intelligence – Google Cloud, told SecurityWeek. “Previous KillNet operations have not demonstrated capabilities that would allow them to conduct this level of operation. In addition this claim of responsibility does not match that pattern and was released hours after the operation and does not release any ‘proof,’ raising the possibility that it is simply an opportunistic claim, rather than a legitimate one.”

“While the source of this attack remains unconfirmed and under active investigation by Ukrainian authorities, it is likely the result of Russian-allied actors. Attacks on critical infrastructure such as telecommunications, electricity, and public utilities are a core component of the Russian cyber warfare landscape,” said Nick Tausek, Lead Security Automation Architect at Swimlane.

As of 20:00 Kyiv time on December 12, 2023, Kyivstar said it had partially restored the operation of fixed-line services. “Currently, the Kyivstar technical teams are working on restoring other services, with the intention of and the best effort towards achieving recovery starting 13 December 2023. The restoration of services may be gradual, and Kyivstar will inform the public and its customers as the restoration progresses.”

In the weeks before and immediately after Russia launched its war against Ukraine on February 24, 2022, Russia appeared to intensify its attacks in cyberspace, with distributed denial-of-service (DDoS) attacks, disruptive wiper malware, and misinformation campaigns.

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet