01-07-2024 , 06:36 AM
https://www.bitdefender.com/blog/hotfors...attacking/
Russia Had Access for Months to Ukraine's Largest Telecom Operator Before Attacking
Silviu STAHIE
January 05, 2024
Following the December attack on Ukraine's largest telecom operator, Kyivstar, more than 24 million subscribers had their Internet and mobile connections severed. Now, a report from the head of the Security Service of Ukraine reveals that Russia had access to critical infrastructure for months.
Until Russia compromised Kyivstar, Ukraine held its own in cyberwarfare. With minor exceptions, the Russians failed to make a dent in critical infrastructure, and they definitely tried. Ukrainian authorities reported numerous attacks against various organizations that had little effect.
In fact, the chief of the Security Service of Ukraine (SBU), Illia Vitiuk, said in an interview with Reuters that they prevented over 4,500 major cyberattacks in 2023 alone. However, the attack on telecom operator Kyivstar was different: as Vitiuk described the incident, the attacker completely destroyed the company's core.
"For now, we can say securely, that they were in the system at least since May 2023," Vitiuk said in the interview. "I cannot say right now, since what time they had ... full access: probably at least since November."
"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," said Vitiuk. The attackers, believed to be Sandworm (a group belonging to the Russian military), wiped out the entire core of the company, which consisted of thousands of PCs and virtual machines.
The SBU found that the attackers had been inside the systems for months, exfiltrating data, possibly tracking phone locations, intercepting SMS messages, and more. Fortunately, the company rebuilt systems in a few days and resumed operations.
One consequence of the attack was that the air-raid siren didn't work in certain areas, which could have been a serious issue. Strangely enough, the Russians didn't take advantage of the attack on the telecom operator, and even Vitiuk said that it's unclear why they chose December 12 in the first place.
"Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn't affect us strongly," Vitiuk also added.
Lastly, the SBU chief also said something of note. The December 12 attack on Kyivstar was not the first. The SBU stopped another one in 2023, which remained undisclosed until now. They could only stop it because they had also infiltrated Russian telecom operators, which let them know about the Russian plans.