Ukraine’s top mobile operator hit by biggest cyberattack of war so far
2023.12.12 14:52
© Reuters. A woman talks on the phone in front of a store of Ukraine’s telecommunications company Kyivstar, amid Russia’s attack on Ukraine, in Kyiv, Ukraine December 12, 2023. REUTERS/Alina Smutko
2/4
By Max Hunder, Jonathan Landay and Stefaniia Bern
KYIV (Reuters) – Ukraine’s biggest mobile network operator was hit on Tuesday by what appeared to be the largest cyberattack of the war with Russia so far, knocking out mobile and internet services for millions and the air raid alert system in parts of Kyiv region.
Kyivstar has 24.3 million mobile subscribers – more than half of Ukraine’s population – as well as over 1.1 million home internet subscribers.
Its CEO Oleksandr Komarov said the attack was “a result of” the war with Russia, although he did not say which Russian body he believed to be responsible, and that the company’s IT infrastructure had been “partially destroyed”.
“War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war,” he told a national television broadcast.
Ukraine’s SBU intelligence agency told Reuters one of the possibilities it was investigating was that of a cyber-attack conducted by Russian security services.
Russia’s foreign ministry did not immediately respond to a request for comment.
Komarov said it was unclear when Kyivstar would be able to restore connection.
“(The attack) significantly damaged (our) infrastructure, limited access, we could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access,” Komarov said.
Russian hacktivist group Killnet put out a statement on Telegram claiming responsibility for the attack. They did not provide evidence for their claim.
A source close to Kyivstar said the Ukrainian military was not affected by the outage.
The outage was one of the biggest hacks to have hit Ukraine since Russia’s invasion in February 2022, when a cyberattack hit Viasat Inc (VSAT.O), disabling thousands of satellite internet modems across Europe, and causing a huge loss in communications for Ukraine at the war’s outset.
In Kyiv, some people rushed to connect to other network providers and a small queue of customers formed at a store for Vodafone (NASDAQ:), Kyivstar’s largest competitor.
One man who bought a new SIM was 25-year-old PR consultant Dmytro. “My connection has completely disappeared, my internet and my satellite navigation aren’t working, I can’t move around the city,” he said.
STATE ACTOR
A source close to Ukraine’s cyber defence also said that Russia was suspected to be the source of the attack, but no specific group had been identified.
“It’s definitely a state actor,” said the source, who asked not to be identified because of the delicacy of the issue, adding that data cable interception showed “a lot of Russian controlled traffic directed at these networks.”
“There’s no ransom. It’s all destruction. So it’s not a financially motivated attack,” said the source.
Ukrainian officials said that air raid alert systems in more than 75 settlements in Kyiv region, which surrounds the capital, were affected by the cyberattack.
“Patrol police and State Emergency Service crews will work in those settlements where there are problems with the operation of the systems,” Kyiv region Governor Ruslan Kravchenko wrote on Facebook (NASDAQ:).
“They will announce aerial danger through loudspeakers,” he said.
Kyivstar, owned by Amsterdam-listed mobile telecoms operator Veon, said in a statement on Facebook that it was working to repair the outage and was cooperating with law enforcement bodies.
Veon said it was also investigating the attack and it could not yet quantify the financial impact.
Komarov said two databases containing customer data had been damaged and were currently locked.
“The most important thing is that the personal data of users has not been compromised,” Kyivstar said in its statement, promising to compensate customers.
Separately, the co-founder of Monobank, a major Ukrainian payment system, said in a social media post that his company was currently suffering a distributed denial of service (DDoS) attack, but that everything was “under control”. He subsequently said that attack had been fought off.
Representatives of PrivatBank and Oschadbank, two major Ukrainian financial institutions, told media outlet Hromadske that part of their AT machines and card terminals had been affected by the Kyivstar outage.
Ukrainian state bodies and companies have often accused Russia of orchestrating cyberattacks against them in the past.