Source: heimdalsecurity.com – Author: Cristian Neagu
Kyivstar, Ukraine’s main provider of telecommunication services, says that it’s been the target of a ‘powerful hacker attack’.
The attack left customers without mobile or internet signal and caused the air raid sirens in the northeastern city of Sumy to malfunction as a result of the outage.
Kyivstar has over 25 million mobile customers and a million home internet users. Due to its site being affected, the company informed its customers about the outage through its social media channels.
One of the Biggest Cyberattacks Affecting Ukraine
We were the target of a powerful hacker attack. It caused a technical failure, as a result of which services were temporarily unavailable.
Kyivstar’s Service Outage Announcement on Facebook (Source)
According to Kyivstar, they informed law enforcement and other state agencies about the occurrence. In accordance with eight sections of the Ukrainian penal code, the Security Service of Ukraine (SSU) has commenced criminal procedures and declared that its special agents are participating in the inquiries.
In its statements, the telecommunication company also assured its customers that during the security incident, no personal data were breached by the attackers and that they will receive compensation for not being able to use the services.
Who Is Behind the Attack?
The attack was claimed by a group of threat actors that call themselves Solntsepek, which has been previously linked to the notorious Russian threat group Sandworm.
Sandworm is a hacker group within Russia’s GRU military intelligence agency that for nearly a decade caused some of the most disruptive cyberattacks in history, targeting Ukraine’s power grids, financial system, media, and government agencies.
SSU’s announcement and Kyivstar’s CEO, Oleksandr Komarov’s public speech both implied that Russian hackers may have planned the attack, given the current standoff between Russia and Ukraine, but no official confirmation came from the Ukrainian government regarding whether or not Solntsepek was behind the attack.
The only statement close to this matter was given on Tuesday by a Ukrainian official within its SSSCIP computer security agency, which oversees CERT-UA, that acknowledged Solntsepek’s claims in a Telegram post.
We, the Solntsepek hackers, take full responsibility for the cyberattack on Kyivstar. We destroyed 10 computers, more than 4 thousand servers, all cloud storage and backup systems… We attacked Kyivstar because the company provides communications to the Ukrainian Armed Forces, as well as government agencies and law enforcement agencies of Ukraine. The rest of the offices helping the Armed Forces of Ukraine, get ready!
Solntsepek’s Message Claiming the Attack on Kyivstar
Kyivstar denied some of Solntsepek’s claims in an X post, writing that the rumors about the destruction of its computers and servers are fake.
The Recovery Process Initiated
As of 14.12.2023, Kyivstar restored its voice communication services, however its availability and quality depend on a multitude of factors. The home internet network has also been restored to 93%.
Kyivstar’s Website Announcement (Source)
The company is working 24/7 to fully restore the damages created, but the company’s CEO declared in some televised appearances that the restoration process will probably last a few weeks.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.
Get cybersecurity updates you’ll actually want to read directly in your inbox.
Original Post URL: https://heimdalsecurity.com/blog/kyivstar-cyberattack/
Category & Tags: Cybersecurity News – Cybersecurity News
