More than 25 million Ukrainians have been unable to make calls or connect to mobile Internet since Tuesday, December 12. A cyberattack of unprecedented scale has jammed the network of Kyivstar, Ukraine's largest mobile operator, pointing to a group of hackers linked to Russian military intelligence. The date is undoubtedly no coincidence: it coincides exactly with the arrival in the United States of President Volodymyr Zelensky, who strongly advocated the continuation of American aid to his country.
Read also (February 2023): Article reserved for our subscribers The war in Ukraine is leading the world into the age of cyberattacks
From the first hours of the outage, long queues formed in front of rival operators' branches across Ukraine. Then in Kiev it very quickly became impossible to take out a subscription with another mobile operator. Since the Russian invasion began in February 2022, subscribers have been able to switch from one operator to another in the event of an outage. But faced with the threat of an escalating cyberattack, Kyivstar shut down everything to limit the damage. It was only on the third day that the operator began “gradually restoring” its services to respect security protocols. On Thursday evening, access remained very limited.
The company's president, Oleksandr Komarov, said Wednesday that “the enemy was able to penetrate the heart of the company's infrastructure” by relying on an employee's account, suggesting that an employee's computer information (e.g. VPN credentials) stolen by hackers to access the corporate network. No personal information was stolen by the hackers, he added, reassuring his subscribers.
Mr. Komarov, who spoke out several times, in addition to the hacked accounts, also put forward the hypothesis that an employee was working for the Russian services: “In every company there can be recruited agents, just as there are people working with the Russian service Army work together.” and send them target coordinates”
A day earlier, on Tuesday, Ukrainian security services in a statement blamed the attack on a group of hackers working on behalf of Russia's military intelligence agency (GRU).
False nose of the GRU
A group called “Solntsepiok” (“Cooked by the Sun” in Russian and a reference to a thermobaric weapon in the Russian arsenal) claimed responsibility for the attack on Wednesday. “We attacked Kyivstar because the company provides its services to the Ukrainian Armed Forces and government and law enforcement agencies of Ukraine,” the message said, accompanied by screenshots showing the intrusion into Kyivstar’s computer system.
You still have 50% of this article left to read. The rest is reserved for subscribers.