Russian Hackers Orchestrate Ukrainian Telecom Giant Attack
In a recent disclosure, Ukraine's top cyber official, Illia Vitiuk, revealed that the cyberattack on Kyivstar, Ukraine's largest telecom operator, began months before the December hack became visible. The attack, attributed to the Russian state-controlled hacker group Sandworm, stands out as one of the most disruptive cyberattacks on Ukrainian telecom networks since the Russian invasion the previous year.
Infiltration Timeline
According to Vitiuk, the hackers began trying to breach Kyivstar's defenses as early as March 2023 and had gained a foothold in the network by May. By November they are believed to have secured full access, after roughly six months of undetected presence, setting the stage for the attack that left millions of Kyivstar subscribers without mobile signal and internet access for several days starting December 12.
Culprit of The Ukrainian Telecom Giant Attack
The hacktivist persona Solntsepek claimed responsibility in December, but Vitiuk points to Sandworm as the likely actor, given Solntsepek's historical connection to that group. The attack wiped crucial data, including virtual servers and personal computers; Kyivstar CEO Oleksandr Komarov said the core network functions responsible for managing communication services were destroyed.
Potential Ramifications
Given the depth of the intrusion, Vitiuk warned that the hackers had the capability to steal personal information, track phone locations, intercept SMS messages and possibly compromise Telegram accounts. Kyivstar, however, has stated that no personal or subscriber data was leaked. Vitiuk also notes that the hackers made several further attempts to damage the operator after the December attack.
Method of Intrusion
How Sandworm first got into Kyivstar's network, and what malware was used, remains unclear. Komarov hinted at possible insider involvement, but details are scarce. Vitiuk argues that if an insider did assist, their level of access within the company was probably low: the attackers relied on malware that steals password hashes, which would have been unnecessary had they already held privileged credentials. The relative ease of the attack may also owe something to the similarity between Kyivstar's infrastructure and that of the Russian mobile operator Beeline, which the attackers may have used to their advantage.
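The one technical detail the reporting gives is that the attackers stole password hashes. The article names neither the malware nor the platform, so the following is an added example, not code from Kyivstar, the SBU or the cited reporting: it assumes Windows hosts with Sysmon ProcessAccess (Event ID 10) telemetry and flags any non-allowlisted process that opens lsass.exe with memory-read rights, which is what hash-dumping tools need. The log lines, the field layout and the allowlist are constructed for the example.

```python
"""Toy detector for credential-dumping style access to LSASS memory.

Assumption (not stated in the article): the hash theft happened on Windows
hosts that ship Sysmon Event ID 10 (ProcessAccess) records.  The pipe-delimited
key=value line format, the sample lines and the allowlist below are all
constructed for this example.
"""
from typing import Dict, List

# PROCESS_VM_READ: reading another process's memory.  Every tool that dumps
# hashes out of LSASS has to request this right, whatever other bits it sets.
PROCESS_VM_READ = 0x0010

# Processes that legitimately read LSASS memory (AV/EDR, core OS processes).
# Illustrative allowlist; a real one is built from the fleet's own baseline
# and keyed on full path so a copy of msmpeng.exe in %TEMP% does not match.
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'key=value|key=value' line into a dict (constructed format)."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def is_lsass_dump_attempt(ev: Dict[str, str]) -> bool:
    """True when a non-allowlisted process opens lsass.exe with VM_READ."""
    if ev.get("EventID") != "10":
        return False
    if not ev.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    if ev.get("SourceImage", "").lower() in ALLOWLIST:
        return False
    try:
        mask = int(ev.get("GrantedAccess", "0"), 16)  # Sysmon logs hex, e.g. 0x1010
    except ValueError:
        return False
    return bool(mask & PROCESS_VM_READ)


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Run the rule over raw log lines and return one alert per hit."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if is_lsass_dump_attempt(ev):
            alerts.append({
                "time": ev.get("UtcTime", ""),
                "user": ev.get("SourceUser", ""),
                "source": ev.get("SourceImage", ""),
                "access": ev.get("GrantedAccess", ""),
            })
    return alerts


# Constructed sample telemetry: one AV read (allowlisted), one svchost query
# without memory-read rights, one unknown binary in a user temp dir reading
# LSASS (the hit), and an unrelated process-creation event.
SAMPLE_LOG = [
    r"EventID=10|UtcTime=2023-11-02 03:14:07|SourceImage=C:\Program Files\Windows Defender\MsMpEng.exe"
    r"|TargetImage=C:\Windows\system32\lsass.exe|GrantedAccess=0x1FFFFF|SourceUser=NT AUTHORITY\SYSTEM",
    r"EventID=10|UtcTime=2023-11-02 03:14:09|SourceImage=C:\Windows\system32\svchost.exe"
    r"|TargetImage=C:\Windows\system32\lsass.exe|GrantedAccess=0x1000|SourceUser=NT AUTHORITY\SYSTEM",
    r"EventID=10|UtcTime=2023-11-02 03:15:31|SourceImage=C:\Users\contractor\AppData\Local\Temp\update.exe"
    r"|TargetImage=C:\Windows\system32\lsass.exe|GrantedAccess=0x1010|SourceUser=CORP\contractor",
    r"EventID=1|UtcTime=2023-11-02 03:15:40|Image=C:\Windows\system32\cmd.exe|User=CORP\contractor",
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert['time']} LSASS read by {alert['source']} ({alert['user']}, access {alert['access']})")
```

Two design points matter in practice. Matching on the VM_READ bit rather than a list of known masks catches tools that request unusual combinations, and keying the allowlist on the full lower-cased path keeps a renamed binary from hiding behind a trusted name. In the constructed data the only hit is the unknown executable run from a temp directory under a contractor account, which is exactly the low-privilege, hash-stealing pattern Vitiuk describes.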
Motives and Consequences
Vitiuk emphasizes that the primary objectives of the attack were to cause "disastrous" destruction, deliver a psychological blow and gather intelligence, and he reads it as a substantial warning to the Western world. Kyivstar, a Ukrainian subsidiary of the Netherlands-based VEON, suffered financial losses amounting to billions of hryvnia. The operator nonetheless chose not to bill subscribers for January as a gesture of apology for the disruption.
Incident Response For Telecom Breaches
The attack disrupted services that depend on Kyivstar's network, including air raid sirens, banks, ATMs and point-of-sale terminals. Kyivstar restored all services in Ukraine and abroad by December 20. Notably, the Ukrainian armed forces' communications were unaffected, since they rely on separate algorithms and protocols that do not depend on commercial telecom operators.
Industry Vulnerabilities
Vitiuk warns that telecom operators remain attractive targets for Russian hackers, citing a previous serious attempt to penetrate one of Ukraine’s telecom operators in October. While the attempt was thwarted, it underscores the persistent threat faced by the telecommunications industry in the region.
Conclusion
This breach is a stark reminder that state-controlled hacker groups can orchestrate sophisticated, long-running attacks with far-reaching consequences. For telecom operators the practical lesson is that defenses and monitoring must be able to detect an intruder during months of quiet presence, not only at the moment of destructive action, and the incident is a collective call to bolster those defenses against a persistent and evolving threat.
The sources for this piece include articles in The Hacker News and The Record.