Ukraine attributes Kyivstar Attack to Russian Sandworm Hackers
Ukraine’s Security Service has linked the cyber-attack on Kyivstar, the country's largest mobile network carrier, to the Russian hacking group Sandworm. The attack, occurring in December 2023, caused temporary disruptions in internet access and mobile communications for Kyivstar's customers. Illya Vitiuk, head of the Security Service of Ukraine (SSU) Cyber Security Department, revealed that subsequent attacks on Kyivstar were prevented in the days following the initial incident.
Vitiuk highlighted the enemy's strategy of intending to repeatedly strike to prolong disconnection, potentially overwhelming other operators' networks. Sandworm, reportedly associated with Russia’s military intelligence (GRU), has a history of targeting Ukraine's critical infrastructure. This includes the 2015 attack on the power grid, which plunged parts of the country into hours-long blackouts.
In the wake of the Russian invasion, Sandworm employed innovative techniques in late 2022, utilizing Operational Technology (OT) for a disruptive cyber-attack on a Ukrainian critical infrastructure entity, as identified by Mandiant, a cyber threat intelligence company.
Impact of the Kyivstar Cyber-Attack
Vitiuk revealed that the security service's investigation unveiled Sandworm's presence within Kyvistar's system from as early as May 2023, with full access obtained no later than November of that year. The highly sophisticated attack resulted in the wiping out of thousands of virtual servers and PCs, causing extensive and "disastrous" damage.
"SSU cyber specialists are meticulously analyzing samples of the malware employed by the adversary. The attack was meticulously planned over several months," Vitiuk emphasized.
Although the Kyivstar attack had a profound impact on the civilian population, Vitiuk assured that military communications remained largely unaffected.
The SSU, in a statement on its website, reported thwarting nearly 9000 cyber-attacks on Ukraine’s government resources and critical infrastructure facilities since the onset of Russia’s invasion.
For Further Reference