Kyivstar, the largest mobile network operator in Ukraine, was hit by a massive cyberattack on Tuesday, disrupting mobile and internet communications for millions of citizens.
Kyivstar has nearly 25 million mobile subscribers and more than 1 million home internet customers.
Kyivstar CEO Oleksandr Komarov claimed the cyberattack was “a result of” the war with Russia and that the company’s IT infrastructure had been “partially destroyed”.
A system used to send air raid alerts in parts of Kyiv was also impacted.
Kyivstar parent company, Netherlands-based VEON Ltd., confirmed that Kyivstar had been the target of a widespread attack on the morning of December 12, 2023, calling it “one of the largest cyberattacks in the history of the global telecom market.”
“Kyivstar technical teams are working on eliminating the consequences of the hacker attack and restoring communication as soon as possible,” the company said. “They are working in close cooperation with Ukrainian law enforcement agencies to determine the circumstances and consequences of the interference in the Kyivstar network. At the time of this release, the personal data of subscribers has not been compromised, to the best of Kyivstar’s knowledge.”
The company’s main website remains offline at the time of publishing.
The damaging attack appears to be the most impactful event in cyberspace to hit Ukraine since Russia’s invasion in February 2022, when a cyberattack on Viasat crippled communications on the KA-SAT satellite network used by Ukraine’s government and military, also impacting tens of thousands of modems across Europe.
“The attack won’t be as damaging to military communications as the VIASAT hack,” noted security researcher Thaddeus Grugq, also known as the Grugq. “Ukraine’s mobile telecommunications systems have been configured for increased resilience to disruption.”
“This sort of attack shapes the battle space and creates conditions that can be exploited,” Grugq continued. “For example, I would think that the front lines and the ISR (intelligence, surveillance, reconnaissance) drone operators will have less bandwidth to communicate with artillery and other support elements. This will decrease their operational capacity and reduce their defensive capabilities.”
The notorious pro-Russia hacker group Killnet claimed responsibility for the attack through a note on Telegram, but without any evidence to support the claim.
“We regard this claim skeptically,” Dan Black, Principal Analyst, Mandiant Intelligence – Google Cloud, told SecurityWeek. “Previous KillNet operations have not demonstrated capabilities that would allow them to conduct this level of operation. In addition this claim of responsibility does not match that pattern and was released hours after the operation and does not release any ‘proof,’ raising the possibility that it is simply an opportunistic claim, rather than a legitimate one.”
“While the source of this attack remains unconfirmed and under active investigation by Ukrainian authorities, it is likely the result of Russian-allied actors. Attacks on critical infrastructure such as telecommunications, electricity, and public utilities are a core component of the Russian cyber warfare landscape,” said Nick Tausek, Lead Security Automation Architect at Swimlane.
As of 20:00 Kyiv time on December 12, 2023, Kyivstar said it had partially restored the operation of fixed-line services. “Currently, the Kyivstar technical teams are working on restoring other services, with the intention of and the best effort towards achieving recovery starting 13 December 2023. The restoration of services may be gradual, and Kyivstar will inform the public and its customers as the restoration progresses.”
In the weeks before and immediately after Russia launched its war against Ukraine on February 24, 2022, Russia appeared to intensify its attacks in cyberspace, with distributed denial-of-service (DDoS) attacks, disruptive wiper malware, and misinformation campaigns.
