ClickCease Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed

by Wajahat Raja

December 27, 2023 - TuxCare expert team

Ukraine’s largest telecom operator, Kyivstar, was recently shut down after falling prey to a cyberattack. The Kyivstar cyber attack left millions of Ukrainians without access to cellular or internet services. Recent reports have cited the telecom operator’s CEO, Alexander Komarov, stating that the cybersecurity incident at Kyivstar was connected to ongoing conflicts with Russia. 


In this blog, we’ll explore the
Kyivstar cyber attack, identify details of what happened, and how consumers were affected.

 

Investigation Into Kyivstar Cyber Incident


Kyivstar, owned by Netherlands-based VEON, currently serves around 25 million mobile users and 1 million home internet customers. Based on the information available, Kyivstar customers, on December 12th, began complaining about network and internet services not being available. 


The hacker attack was later confirmed in a
news release issued by Kyivstar’s parent company. Sources from within Kyivstar informed news outlets that threat actors behind the Ukraine telecom operator breach had accessed a part of the operator’s network to orchestrate the attack. 


Given the severity of the attack, the operator had to shutdown the entire network in response
to Kyivstar cyber security breach and to limit attacker access. 


Impact Of The Kyivstar Cyber Attack


As far as the
impact of the Kyivstar cyber attack is concerned, it’s worth mentioning that the attack caused severe damage to the operator’s infrastructure. Commenting on the matter, the Chief Executive at Kyivstar, in a video message, stated, “We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access.”  In addition, the cyber security incident at Kyivstar also had a transitional impact on its consumers.

 

Many users choose to switch network providers, given that no additional contracts are required in Ukraine, and the costs are highly affordable. Reports have mentioned that Vodafone, the second largest telecom operator in Ukraine saw a 30% increase on their network on the day of the Kyivstar cyber attack. A statement made by Vodafone with regards to the increase reads, “The company’s engineers work to maintain network availability for all subscribers in such conditions.” 


In addition, the
Kyivstar cyber attack also had a transitional impact on PrivatBank – the largest state-owned bank in Ukraine. The financial institution said that their banking functionalities, ATMs, and point-of-sale (POS) terminals were impacted as they relied on using Kyivstar sim cards. Monobank, another Ukrainian financial institution, reported suffering from a distributed denial-of-service (DDoS) attack. 


To further emphasize the severity of the attack, it’s worth mentioning that Ruslan Kravchencko, the head of the
regional state administration in Kyiv, warned that the Kyivstar cyber attack had compromised air raid alert systems. These systems are used to notify residents of Russian missile strikes in the region. The aftermath of the cybersecurity incident at Kyivstar serves as a stark reminder for developing cybersecurity strategies and ensuring telecommunication security.

 

Potential Suspects


The threat actor group behind the attack remains unknown. However, reports have hinted towards Russian origins. It’s worth mentioning that a Russian hacker in March last year distributed web traffic from the Ukrtelecom network. The attack is known to have caused one of the most widespread internet outages ever since Russia’s invasion of Ukraine.


Ukrainian threat actors, on the other hand, are also targeting Russian-based small internet service providers functioning in the occupied parts of Ukraine. An unknown group of hackers claimed responsibility for an attack on Dozor-port, a satellite communication provider used by Russian energy companies and the nation’s defense and security services.


It’s worth noting that such incidents serve as a representation of
cyber threats to telecommunications industry. Deriving actionable insights from these incidents is essential to mitigating risks in telecom infrastructure


Conclusion 


The
Kyivstar cyber security breach left millions of Ukrainians without access to mobile communication or the internet. In addition, the impact of the attacks transitioned into Kyivstar users switching to competitor service providers. Operations of Ukrainian financial institutions and air raid alert systems were also compromised. 


The
Kyivstar cyber attack serves as a stark reminder of cyber threats to the telecommunication industry. Furthermore, it necessitates that internet and mobile communication providers must implement proactive security measures to safeguard their network, infrastructure, dependent partners, and consumers.  


The sources for the piece include articles in
The Hacker News and The Record

 

Summary
Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed
Article Name
Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed
Description
Kyivstar cyber attack leaves operator paralyzed. Learn about the attack, countermeasures, and more. Stay informed, stay secure!
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Become a TuxCare Guest Writer

Mail

Help Us Understand
the Linux Landscape!

Complete our survey on the state of Open Source and you could win one of several prizes, with the top prize valued at $500!

Your expertise is needed to shape the future of Enterprise Linux!