Ukraine telecoms giant hacked for months: probe

STORY: Russian hackers were inside Ukraine's telecoms giant Kyivstar for months last year and when they attacked on December 12, they knocked the operator completely offline and affected some 24 million users for days.

Cyber chief for the Security Service of Ukraine Illia Vitiuk spoke to Reuters exclusively - he revealed fresh details from the agency's probe into the most dramatic hack since Russia's full scale assault on Ukraine.

"This attack is a big, big message, a big, big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable. Kyivstar in fact is a private company, it is a big company, a wealthy company. And they invest a lot in cyber security."

During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier.

"We can say securely that they (hackers) were in the system at least since May, 2023. I cannot say right now since what time they had this full access: probably at least since November."

The destruction at Kyivstar began while the Ukrainian President was in Washington to press for more military aid.

Ukrainians rushed to buy other SIM cards because of the attack.

ATMs using Kyivstar cards for the internet ceased to work. But there were other more serious issues.

"The biggest problem was that in some regions even air raid alerts weren't actually functioning properly. So when you cannot call the ambulance etc, of course it caused very, very big panic here in Ukraine."

Vitiuk said he was "pretty sure" a Russian cyberwarfare unit Sandworm, carried out the attack.

They identified the unit from earlier, unreported attacks on other Ukrainian telecoms operators and bodies.

"Luckily, we, Security Service of Ukraine, we could act proactively because we were inside of enemy's system, and we saw that they are inside. So, we just came to this telecoms operator, inspected it and found them."

Ukrainian authorities assessed the hackers would have been able to steal personal information, understand the location of phones, intercept SMS-messages and perhaps steal Telegram accounts.

Although the military was largely unaffected by the hack.

Investigators are still working on how the break-in occurred - and keeping their mind open to all possibilities.

"Of course, the possibility of an insider, of some kind of treason is one of the versions we are working on. But for now, as there is no one accused, I won't make this information public."

Samples of the malware used to penetrate Kyivstar have been recovered and are being analyzed. Vitiuk added that the SBU had thwarted over 4,500 major cyberattacks on Ukrainian governmental bodies and critical infrastructure last year.