Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed
Ukraine’s largest telecom operator, Kyivstar, was recently shut down after falling prey to a cyberattack. The Kyivstar cyber attack left millions of Ukrainians without access to cellular or internet services. Recent reports have cited the telecom operator’s CEO, Alexander Komarov, stating that the cybersecurity incident at Kyivstar was connected to ongoing conflicts with Russia.
In this blog, we’ll explore the Kyivstar cyber attack, identify details of what happened, and how consumers were affected.
Investigation Into Kyivstar Cyber Incident
Kyivstar, owned by Netherlands-based VEON, currently serves around 25 million mobile users and 1 million home internet customers. Based on the information available, Kyivstar customers, on December 12th, began complaining about network and internet services not being available.
The hacker attack was later confirmed in a news release issued by Kyivstar’s parent company. Sources from within Kyivstar informed news outlets that threat actors behind the Ukraine telecom operator breach had accessed a part of the operator’s network to orchestrate the attack.
Given the severity of the attack, the operator had to shutdown the entire network in response to Kyivstar cyber security breach and to limit attacker access.
Impact Of The Kyivstar Cyber Attack
As far as the impact of the Kyivstar cyber attack is concerned, it’s worth mentioning that the attack caused severe damage to the operator’s infrastructure. Commenting on the matter, the Chief Executive at Kyivstar, in a video message, stated, “We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access.” In addition, the cyber security incident at Kyivstar also had a transitional impact on its consumers.
Many users choose to switch network providers, given that no additional contracts are required in Ukraine, and the costs are highly affordable. Reports have mentioned that Vodafone, the second largest telecom operator in Ukraine saw a 30% increase on their network on the day of the Kyivstar cyber attack. A statement made by Vodafone with regards to the increase reads, “The company’s engineers work to maintain network availability for all subscribers in such conditions.”
In addition, the Kyivstar cyber attack also had a transitional impact on PrivatBank – the largest state-owned bank in Ukraine. The financial institution said that their banking functionalities, ATMs, and point-of-sale (POS) terminals were impacted as they relied on using Kyivstar sim cards. Monobank, another Ukrainian financial institution, reported suffering from a distributed denial-of-service (DDoS) attack.
To further emphasize the severity of the attack, it’s worth mentioning that Ruslan Kravchencko, the head of the regional state administration in Kyiv, warned that the Kyivstar cyber attack had compromised air raid alert systems. These systems are used to notify residents of Russian missile strikes in the region. The aftermath of the cybersecurity incident at Kyivstar serves as a stark reminder for developing cybersecurity strategies and ensuring telecommunication security.
Potential Suspects
The threat actor group behind the attack remains unknown. However, reports have hinted towards Russian origins. It’s worth mentioning that a Russian hacker in March last year distributed web traffic from the Ukrtelecom network. The attack is known to have caused one of the most widespread internet outages ever since Russia’s invasion of Ukraine.
Ukrainian threat actors, on the other hand, are also targeting Russian-based small internet service providers functioning in the occupied parts of Ukraine. An unknown group of hackers claimed responsibility for an attack on Dozor-port, a satellite communication provider used by Russian energy companies and the nation’s defense and security services.
It’s worth noting that such incidents serve as a representation of cyber threats to telecommunications industry. Deriving actionable insights from these incidents is essential to mitigating risks in telecom infrastructure.
Conclusion
The Kyivstar cyber security breach left millions of Ukrainians without access to mobile communication or the internet. In addition, the impact of the attacks transitioned into Kyivstar users switching to competitor service providers. Operations of Ukrainian financial institutions and air raid alert systems were also compromised.
The Kyivstar cyber attack serves as a stark reminder of cyber threats to the telecommunication industry. Furthermore, it necessitates that internet and mobile communication providers must implement proactive security measures to safeguard their network, infrastructure, dependent partners, and consumers.
The sources for the piece include articles in The Hacker News and The Record.