The Ukrainian cybersecurity authorities have announced that the state-sponsored Russian threat actor known as Sandworm infiltrated the systems of telecom operator Kyivstar as early as May 2023. This revelation, initially reported by Reuters, follows a significant cyber incident last month, characterized as a “powerful hacker attack,” which disrupted mobile and internet services for millions of customers. The responsibility for the breach was claimed by a Russian-linked hacking group called Solntsepyok, associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), the same entity operating Sandworm.
Solntsepyok has a history of orchestrating disruptive cyber attacks, including accusations from Denmark of targeting 22 energy sector companies in the previous year. Illia Vitiuk, the head of the Security Service of Ukraine’s (SBU) cybersecurity department, revealed that the attack on Kyivstar resulted in extensive damage, wiping out data from thousands of virtual servers and computers, effectively crippling the core operations of the telecoms operator. Vitiuk stated that the attackers likely had full access since at least November, following months of meticulous preparation.
Despite the severity of the attack, Kyivstar has managed to restore its operations, and there is currently no evidence suggesting the compromise of subscribers’ personal data. The method by which the threat actor infiltrated the network remains unknown, as the company had previously dismissed speculations about the destruction of its computers and servers as “fake.”
This disclosure comes in the context of the SBU’s recent revelation that it successfully took down two online surveillance cameras allegedly hacked by Russian intelligence agencies. These cameras were reportedly used to spy on defense forces and critical infrastructure in Kyiv, allowing the adversary to remotely control the cameras, adjust their angles, and connect them to YouTube to capture visual information within their range.