On December 12 last year, when the Kyivstar network was shut down, Ukraine faced its largest cyberattack since the Russian invasion. Just over a week later, all 24 million customers of the country's largest service provider were able to make phone calls and use the Internet again.
The hackers have been trying to enter the Kyivstar network since March 2023. This is what the head of the Cyber Department of the Ukrainian Security Service SBOe, Ilya Vityuk, told Reuters. In May, hackers from the Solntsepyok group penetrated Kyivstar's networks.
Eventually, perhaps from November onwards, hackers also gained access to the personal data of Kyivstar's 24 million customers. According to SBOe, they were able to access information about users' location and intercept Telegram traffic and SMS messages.
“No one is untouchable”
A day after the hack, Kyivstar denied that hackers had access to their customer data. Depending on the service provider, by turning off the entire network immediately, this part of the server will be protected. According to the security service, this is not the case, but Kyivstar insists to Reuters that there is no evidence of leakage of personal information.
“This attack is an important warning, not only to Ukraine, but to the entire West, that no one is immune,” said Witgoek, who notes that Kyivstar has invested in cybersecurity in recent years.
Kyvistar's CEO said in December that hackers entered through the account of a company employee. SBOe has not yet reached this conclusion. However, Vitgok is “almost certain” that the attack was controlled by Sandworm, a cyber branch of the Russian intelligence service.