NEW DELHI: In one of the most dramatic hacking incidents since Russia’s invasion of Ukraine, Russian hackers remained inside Ukrainian telecoms giant Kyvistar’s system since May 2023, reported news agency Reuters quoting Kyiv’s cyber spy chief.
The same hackers on December 12 disrupted the services that Ukraine’s biggest telecoms operator provides to around 24 million users.The Ukrainian spy chief said the incident should serve as a “big warning” to the West.
In an interview, Illia Vitiuk, head of the Security Service of Ukraine’s (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused “disastrous destruction and aimed to land a psychological blow and gather intelligence”.
“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” he told Reuters.
Vitiuk claimed that the attack wiped “almost everything”, including thousands of virtual servers and PCs from the database of Kyvistar, the company he stressed had invested a lot in cybersecurity. He described the cyber attack as the first instance that “completely destroyed the core of a telecoms operator.”
During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on December 27.
“For now, we can say securely, that they were in the system at least since May 2023,” he said.
“I cannot say right now, since what time they had … full access: probably at least since November,” he added.
He said that the SBU evaluated that the hackers possessed the capability to pilfer personal information, discern the locations of phones, intercept SMS messages, and potentially seize Telegram accounts given the extent of access they obtained.
A Kyivstar spokesperson told the news agency that the company was “working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks”. The spokesperson said, “No facts of leakage of personal and subscriber data have been revealed.”
Vitiuk said the SBU helped Kyivstar restore its systems within days and repel new cyber attacks.
“After the major break there were a number of new attempts aimed at dealing more damage to the operator,” he said.
The investigation into the attack has become more challenging due to the wiping of Kyivstar’s infrastructure. Vitiuk expressed a high level of certainty that the responsible party was Sandworm, a cyberwarfare unit affiliated with Russian military intelligence, known for its involvement in cyberattacks in Ukraine and other regions.
Meanwhile, Russia’s defence ministry has not responded to a request for comment on Vitiuk’s remarks.
The same hackers on December 12 disrupted the services that Ukraine’s biggest telecoms operator provides to around 24 million users.The Ukrainian spy chief said the incident should serve as a “big warning” to the West.
In an interview, Illia Vitiuk, head of the Security Service of Ukraine’s (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused “disastrous destruction and aimed to land a psychological blow and gather intelligence”.
“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” he told Reuters.
Vitiuk claimed that the attack wiped “almost everything”, including thousands of virtual servers and PCs from the database of Kyvistar, the company he stressed had invested a lot in cybersecurity. He described the cyber attack as the first instance that “completely destroyed the core of a telecoms operator.”
During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on December 27.
“For now, we can say securely, that they were in the system at least since May 2023,” he said.
“I cannot say right now, since what time they had … full access: probably at least since November,” he added.
He said that the SBU evaluated that the hackers possessed the capability to pilfer personal information, discern the locations of phones, intercept SMS messages, and potentially seize Telegram accounts given the extent of access they obtained.
A Kyivstar spokesperson told the news agency that the company was “working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks”. The spokesperson said, “No facts of leakage of personal and subscriber data have been revealed.”
Vitiuk said the SBU helped Kyivstar restore its systems within days and repel new cyber attacks.
“After the major break there were a number of new attempts aimed at dealing more damage to the operator,” he said.
The investigation into the attack has become more challenging due to the wiping of Kyivstar’s infrastructure. Vitiuk expressed a high level of certainty that the responsible party was Sandworm, a cyberwarfare unit affiliated with Russian military intelligence, known for its involvement in cyberattacks in Ukraine and other regions.
Meanwhile, Russia’s defence ministry has not responded to a request for comment on Vitiuk’s remarks.