Kyivstar President Oleksandr Komarov has divulged further details about Russia’s cyberattack against the telecommunications company in December, which left its system infrastructure extensively damaged and knocked it out of operation for days.

During a panel discussion at the Kyiv International Cyber Resilience Forum (KICRF), Komarov said that there were two versions of events according to the ongoing investigation by the Security Service of Ukraine (SBU), with one version pointing towards compromised accounts between Kyivstar and a service provider.

He said that once the accounts were breached, hackers were able to access the system and later launch attacks against the virtual and physical infrastructure, which nearly wiped out the former.

Advertisement

Komarov added that he wasn’t sure if a single employee was responsible for the account compromise, and nothing is conclusive at this point of the investigation.

Ilya Vityuk, head of the SBU's Cyber ​​Security Department, told Reuters in January that hackers had access at least since May 2023. Vityuk also said in an earlier panel discussion that some residents were unable to receive missile strike warnings because of the network outage.

Serhii Demediuk, deputy secretary of the National Security and Defense Council of Ukraine, told Kyiv Post that authorities informed Kyivstar of the threats five months prior to the hack and that more work is needed to prevent similar incidents.

‘Significant Damage’ to Thermal Power Plants in Latest Attack – Ukraine’s Energy Operator
Other Topics of Interest

‘Significant Damage’ to Thermal Power Plants in Latest Attack – Ukraine’s Energy Operator

DTEK, one of Ukraine’s major energy operators, said its power plants were targeted by Russian drones and missiles, and they sustained “significant damage” in the attack.

“So now we are revising, or revisiting, our algorithms [...] our relations with large, private tech corporations so that we can prevent them in practice from showing such vulnerabilities,” said Demediuk.

Yegor Aushev, CEO of cybersecurity firm Cyber Unit Technologies, told Kyiv Post the Kyivstar incident was in fact a “cyber operation” that took months of planning, which would explain the gap between the hacker gaining access and conducting the attack.

“Usually every big cyber operation, cyber attack, [is prepared] in advance – like six months to three months minimum. And then hackers get in, they wait, and then when they need [to] they start to do something,” said Aushev.

Advertisement

Komarov said “the biggest change” following the incident is the revamping of Kyivstar’s infrastructure towards “micro-segmentation,” where the system is decentralized and security controls are deployed to each segment based on requirements.

“Therefore, the biggest and most fundamental conclusion is a total change in architecture from how they were built within the separation from the technological and IT infrastructure,” said Komarov.

In January, VEON, Kyivstar’s parent company, reported an estimated loss of $95 million in revenue as a result of the incident “arising from the customer loyalty measures taken by Kyivstar” to compensate the customers.

Founded in 1994, Kyivstar is Ukraine’s largest mobile operator. The company reported that in the first quarter of 2023 it served over 24 million cell phone subscribers and more than 1.1 million home internet subscribers. It has also built the largest communication infrastructure in Ukraine spanning more than 53 thousand base stations.

Advertisement
To suggest a correction or clarification, write to us here
You can also highlight the text and press Ctrl + Enter