Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Russia Had Access for Months to Ukraine's Largest Telecom Operator Before Attacking
#1
https://www.bitdefender.com/blog/hotfors...attacking/    Russia Had Access for Months to Ukraine's Largest Telecom Operator Before Attacking
Silviu STAHIE
January 05, 2024      Following the December attack on Ukraine's largest telecom operator, Kyivstar, more than 24 million subscribers had their Internet and mobile connections severed. Now, a report from the head of the Security Service of Ukraine reveals that Russia had access to critical infrastructure for months.

Until Russia compromised Kyivstar, Ukraine held its own in cyberwarfare. With minor exceptions, the Russians failed to make a dent in critical infrastructure, and they definitely tried. Ukrainian authorities reported numerous attacks against various organizations that had little effect.

In fact, the chief of the Security Service of Ukraine (SBU), Illia Vitiuk, said in an interview with Reuters that they prevented over 4,500 major cyberattacks in 2023 alone. However, the attack on Kyivstar telecom operators was different, as the attacker completely destroyed the company's core, as Vitiuk described the incident.

"For now, we can say securely, that they were in the system at least since May 2023," Vitiuk said in the interview. “I cannot say right now, since what time they had ... full access: probably at least since November."

"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," said Vitiuk. The attackers, believed to be Sandworm (a group belonging to the Russian military), wiped out the entire core of the company, which was comprised of thousands of PCs and virtual machines.

The SBU found that the attackers had been inside the systems for months, exfiltrating data, possibly tracking phone locations, intercepting SMS messages, and more. Fortunately, the company rebuilt systems in a few days and resumed operations.

One consequence of the attack was that the air-raid siren didn't work in certain areas, which could have been a serious issue. Strangely enough, the Russians didn't take advantage of the attack on the telecom operator, and even Vitiuk said that it's unclear why they chose December 12 in the first place.

"Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn't affect us strongly," Vitiuk also added.

Lastly, the SBU chief also said something of note. The December 12 attack on Kyivstar was not the first. SBU stopped another one in 2023, which remained undisclosed until now. They could only stop it because they had also infiltrated Russian telecom operators, which let them know about the Russian plans.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Ukraine Authorities Take Down Bot Farm Spreading Russian Misinformation mrtrout 0 1,292 07-20-2023 , 08:10 PM
Last Post: mrtrout
  (Kaspersky ) Top 10 countries with the largest number of threats of selected type mrtrout 0 909 02-04-2023 , 05:43 AM
Last Post: mrtrout
  Chinese Military Hackers Launch Tripple Cyberattack on Major Telecom Carriers mrtrout 0 811 08-04-2021 , 04:38 AM
Last Post: mrtrout
  Aurora campaign: Attacking Azerbaijan using multiple RATs mrtrout 0 1,368 04-09-2021 , 12:20 AM
Last Post: mrtrout
  Magento online stores hacked in largest campaign to date mrtrout 0 1,009 09-16-2020 , 05:07 AM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)