ClickCease Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed

Wajahat Raja

December 27, 2023 - TuxCare expert team

Ukraine’s largest telecom operator, Kyivstar, was recently shut down after falling prey to a cyberattack. The Kyivstar cyber attack left millions of Ukrainians without access to cellular or internet services. Recent reports have cited the telecom operator’s CEO, Alexander Komarov, stating that the cybersecurity incident at Kyivstar was connected to ongoing conflicts with Russia. 

In this blog, we’ll explore the
Kyivstar cyber attack, identify details of what happened, and how consumers were affected.


Investigation Into Kyivstar Cyber Incident

Kyivstar, owned by Netherlands-based VEON, currently serves around 25 million mobile users and 1 million home internet customers. Based on the information available, Kyivstar customers, on December 12th, began complaining about network and internet services not being available. 

The hacker attack was later confirmed in a
news release issued by Kyivstar’s parent company. Sources from within Kyivstar informed news outlets that threat actors behind the Ukraine telecom operator breach had accessed a part of the operator’s network to orchestrate the attack. 

Given the severity of the attack, the operator had to shutdown the entire network in response
to Kyivstar cyber security breach and to limit attacker access. 

Impact Of The Kyivstar Cyber Attack

As far as the
impact of the Kyivstar cyber attack is concerned, it’s worth mentioning that the attack caused severe damage to the operator’s infrastructure. Commenting on the matter, the Chief Executive at Kyivstar, in a video message, stated, “We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access.”  In addition, the cyber security incident at Kyivstar also had a transitional impact on its consumers.


Many users choose to switch network providers, given that no additional contracts are required in Ukraine, and the costs are highly affordable. Reports have mentioned that Vodafone, the second largest telecom operator in Ukraine saw a 30% increase on their network on the day of the Kyivstar cyber attack. A statement made by Vodafone with regards to the increase reads, “The company’s engineers work to maintain network availability for all subscribers in such conditions.” 

In addition, the
Kyivstar cyber attack also had a transitional impact on PrivatBank – the largest state-owned bank in Ukraine. The financial institution said that their banking functionalities, ATMs, and point-of-sale (POS) terminals were impacted as they relied on using Kyivstar sim cards. Monobank, another Ukrainian financial institution, reported suffering from a distributed denial-of-service (DDoS) attack. 

To further emphasize the severity of the attack, it’s worth mentioning that Ruslan Kravchencko, the head of the
regional state administration in Kyiv, warned that the Kyivstar cyber attack had compromised air raid alert systems. These systems are used to notify residents of Russian missile strikes in the region. The aftermath of the cybersecurity incident at Kyivstar serves as a stark reminder for developing cybersecurity strategies and ensuring telecommunication security.


Potential Suspects

The threat actor group behind the attack remains unknown. However, reports have hinted towards Russian origins. It’s worth mentioning that a Russian hacker in March last year distributed web traffic from the Ukrtelecom network. The attack is known to have caused one of the most widespread internet outages ever since Russia’s invasion of Ukraine.

Ukrainian threat actors, on the other hand, are also targeting Russian-based small internet service providers functioning in the occupied parts of Ukraine. An unknown group of hackers claimed responsibility for an attack on Dozor-port, a satellite communication provider used by Russian energy companies and the nation’s defense and security services.

It’s worth noting that such incidents serve as a representation of
cyber threats to telecommunications industry. Deriving actionable insights from these incidents is essential to mitigating risks in telecom infrastructure


Kyivstar cyber security breach left millions of Ukrainians without access to mobile communication or the internet. In addition, the impact of the attacks transitioned into Kyivstar users switching to competitor service providers. Operations of Ukrainian financial institutions and air raid alert systems were also compromised. 

Kyivstar cyber attack serves as a stark reminder of cyber threats to the telecommunication industry. Furthermore, it necessitates that internet and mobile communication providers must implement proactive security measures to safeguard their network, infrastructure, dependent partners, and consumers.  

The sources for the piece include articles in
The Hacker News and The Record


Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed
Article Name
Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed
Kyivstar cyber attack leaves operator paralyzed. Learn about the attack, countermeasures, and more. Stay informed, stay secure!
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter