Ukrainian cybersecurity authorities revealed that a Russian state-backed threat actor known as Sandworm has been present on the systems of telecommunications operator Kyivstar since at least May 2023.
Reuters first reported the development.
The incident, described as a “powerful hack”, first came to light last month and left millions of customers without access to mobile and online services. Shortly after the incident, a Russia-linked hacking group called Solntsepyok admitted responsibility for the leak.
Solntsepyok has been assessed as a Russian threat group and is affiliated with the General Staff of the Armed Forces of the Russian Federation (GRU), which also operates Sandworm.
The Advanced Persistent Threat (APT) attacker has a track record of orchestrating destructive cyber attacks, and Denmark has accused the hacker group of targeting 22 energy industry companies last year.
Illia Vitiuk, head of the cyber security department of the Security Service of Ukraine (SBU), said that the attack on Kyivstar destroyed almost all the contents of thousands of virtual servers and computers.
He said the incident “completely destroyed the core of a telecoms operator,” noting that the attackers had had full access since at least November, gaining an initial foothold in the company’s infrastructure. Months later.
“This attack was the result of months of careful preparation,” Vitik said in a statement shared on the SBU website.
Kyivstar, which has now resumed operations, said there was no evidence that subscribers’ personal information had been leaked. It’s unclear how threat actors penetrated its networks.
It is worth noting that the company has previously dismissed speculation that attackers destroyed its computers and servers as “false.”
Earlier this week, the SBU revealed it had dismantled two online cameras it said were hacked by Russian intelligence agencies and were used to monitor defense forces and critical infrastructure in the capital Kiev.
The agency said the compromise allowed adversaries to remotely control the cameras, adjust the camera’s viewing angle, and connect them to YouTube to capture “all visual information within the camera’s range.”
