Russian hackers infiltrated Ukraine’s main mobile operator Kyivstar months before launching a “disastrous” cyberattack that disrupted services for some 24 million users, Reuters reported Thursday, citing Ukraine’s cybersecurity chief.
The Security Service of Ukraine (SBU) has said it suspects Russia’s secret service was behind the Dec. 12 Kyivstar attack that paralyzed its network for days. Kyivstar’s CEO Oleksandr Komarov said services had been fully restored nationwide as of Dec. 20.
Illia Vitiuk, head of the SBU’s cybersecurity unit, told Reuters the breach had “completely destroyed the core,” wiping thousands of Kyivstar’s virtual servers and computers.
“For now, we can say securely that they were in the system at least since May 2023,” Vitiuk was quoted as saying, adding that the hackers may have gained full access to Kyivstar’s servers in November.
He said the SBU believes the hackers may have gained the ability to steal personal information, intercept text messages, pinpoint the locations of phones and hijack accounts on the messaging app Telegram.
Vitiuk added that the cyberattack may have been successful because Kyivstar’s infrastructure is similar to that of the Russian mobile operator Beeline.
However, he noted that the impact of the attack was limited given the absence of a major missile or drone attack accompanying the breach.
“Maybe some colonel wanted to become a general,” he told Reuters when asked why the attack happened on Dec. 12, when Ukrainian President Volodymyr Zelensky was in Washington to appeal for more aid.
Vitiuk said he was “pretty sure” the culprit was the hacker group Sandworm, which has been linked to Russian intelligence following investigations into past cyberattacks in Ukraine and other countries.
The Kremlin has not commented on Kyiv’s accusations and Russia’s Defense Ministry did not respond to Reuters’ written request for comment.