Customers of Ukraine’s Leading Telecoms Provider May Have Had Accounts Compromised by Russian Hackers in 2023

Jan 12, 2024

It is far from unusual for Russian hackers to make attempts against Ukraine’s infrastructure, and that was true even prior to the start of the current war. But customers of the country’s biggest telecoms provider have just learned that their communications may have been intercepted throughout 2023, with a spokesperson for the national security service revealing that the attackers had “full access” to Kyivstar at least in November and the early days of December.

The operation is thought to have begun in March of last year, and the attackers likely had access from May, but wide-ranging access to the telecoms provider’s full network was established by November. It is not clear how many customers were actually impacted, but the Russian hackers had the ability to access their accounts, read their SMS messages and track their GPS locations among other things. The incident serves as a strong reminder of what the world’s leading threat groups can gain access to (and how long they can go undetected) when they set their sights on a particular target.

Largest of Ukraine’s three major telecoms providers had hackers dwelling for most of 2023

Ukraine cybersecurity head Illia Vitiuk said that it was possible that the Russian hackers had an insider helping them at the telecoms provider, but that any such insider would not have been highly placed, as the attackers had to deploy malware to capture and then crack hashed passwords to get more extensive access.

The attack appears to be the work of Sandworm, one of the oldest groups of Russian hackers thought to be under the direct command of the GRU. Causing disruptions in Ukraine has been one of this group’s central missions for many years now, dating back to the original 2014 flare-up of tensions that has spiraled into the current war. It has repeatedly broken into Ukrainian government systems, knocked out power and distributed destructive malware to civilian targets.

The cyber exchanges between Russia and Ukraine thus far are thought to be the largest in the history of digital warfare. The records are still being written as the conflict looks to enter its third year, with no sign of a ceasefire on the horizon.

Russian hackers trash Kyivstar’s network after discovery

Kyivstar’s service appears to have mostly returned to normal, but the incident did shake consumer confidence in the telecoms provider with reports of long lines for new SIM cards at stores in the wake of the incident.

Part of that was due to destructive action by the Russian hackers after they were detected at some point in early December. On December 12, they executed a massive attack on Kyivstar’s computers that severely disrupted service for several days. Most of the telecoms provider’s 25 million customers lost internet access for at least some time, but the company rushed to Facebook on December 13 to offer assurances that personal data had not been permanently removed by the attack.

The apparent silver lining to this incident is that it appeared to have no impact on Ukraine’s military, save for some early warning alarms being unable to function for a short period of time. Customers are left to wonder what the Russian hackers might have made off with, however, or if a similar intrusion could happen again.
