Russian hackers were inside Ukrainian Kyivstar at least since May 2023
Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year.
Illia Vitiuk, head of the SSU's cybersecurity department, said this in an interview with Reuters.
On December 12, Ukraine's mobile operator Kyivstar suffered a large-scale hacker attack, which resulted in the loss of connection and Internet access for its subscribers. At the time of the attack, Kyivstar was providing services to about 24.4 million mobile customers and more than 1.1 million fixed broadband customers.
Kyivstar CEO Oleksandr Komarov said the hacker attack had been very powerful. Part of the virtual IT infrastructure was destroyed. The hackers partially achieved their goal.
According to Illia Vitiuk, the attack could have been the first in the world when hackers managed to destroy the backbone network of a mobile operator - a centralised network responsible for providing and coordinating the operation of basic services.
The Russian hackers targeted the attack to gather intelligence and inflict a psychological blow. At the time, Ukrainian experts did not detect any leakage of personal data.
The Security Service of Ukraine found that the hackers probably tried to break into Kyivstar's system in March 2023 or earlier, and had been in the system since at least May.
I cannot say right now, since what time they had ... full access: probably at least since November,
said Vitiuk.
The cyberattack had a significant impact on the civilian population. The attack had no big impact on Ukraine's military, which did not rely on telecom operators and made use of what he described as "different algorithms and protocols".
Illia Vityuk also confirmed that the Sandworm hacker group, which is a regular unit of Russian military intelligence and has previously repeatedly carried out cyberattacks on Ukrainian targets, including telecommunications operators and Internet providers, was behind the attack.
The Ukrainian intelligence official warns that the hackers' behavioural pattern suggests that telecom operators may remain a target.
The SSU is currently investigating the large-scale hacking of Kyivstar under several articles of the Criminal Code of Ukraine.
In total, according to Illia Vitiuk, since the beginning of the full-scale invasion, the Security Service of Ukraine has "repelled" almost 9,000 cyberattacks on state resources and critical infrastructure facilities in Ukraine.