Excerpt from Reuters Article, Published on Jan 04, 2024

In a recent revelation, the Security Service of Ukraine (SBU) disclosed that Russian hackers infiltrated the systems of Kyivstar, a major Ukrainian telecoms giant, as early as May of the preceding year. The cyberattack, lasting for months, caused a significant outage, affecting services for approximately 24 million users as of December 12th, marking one of the most severe incidents since Russia’s invasion nearly two years ago.

Illia Vitiuk, head of SBU’s cybersecurity department, highlighted exclusive details of the attack, emphasizing its destructive nature and strategic aims. He described it as a clear warning to both Ukraine and the broader Western world, indicating that no entity is impervious to such assaults. Kyivstar, known for substantial cybersecurity investments, experienced what Vitiuk termed a “disastrous” assault, essentially dismantling the core of a telecoms operator.

According to the SBU's investigation, unauthorized access to Kyivstar’s systems began in May 2023. The intruders likely gained complete access by November, potentially compromising personal information and phone locations, intercepting SMS messages, and even accessing Telegram accounts.

While Kyivstar assured no leakage of personal or subscriber data, the incident’s repercussions extended beyond service disruptions. Reports surfaced of citizens in remote areas facing communication challenges, leading to long queues for alternative SIM cards and disruptions to services relying on Kyivstar’s network, such as ATM transactions and the functionality of air-raid sirens during security alerts.

Despite the attack’s magnitude, Ukraine’s military remained largely unaffected, relying on independent communication protocols and algorithms for crucial operations like drone and missile detection, as per Vitiuk.

SBU’s investigation pointed to Sandworm, the Russian military intelligence unit notorious for prior cyberattacks in Ukraine. This attack, which wiped crucial infrastructure, resembles Sandworm’s modus operandi, raising concerns about future assaults on telecom operators. Vitiuk highlighted over 4,500 thwarted cyberattacks on Ukrainian critical infrastructure last year alone, underscoring the persistent threat.

Efforts to trace the penetration methods or the specific malware used remain ongoing. However, SBU suggested potential internal collaboration or phishing as entry points for the attack.

To delve deeper into this topic, please read the full article on Reuters.