Kyivstar Faces Cyberattack, Disrupting Mobile and Internet in Ukraine

Kyivstar, Ukraine’s primary mobile network operator, fell victim to a cyber assault on Tuesday, Reuters news report said. The cyber security incident disrupted mobile and internet services for millions, severely impacting communication infrastructure and triggering failures in the air raid alert system across sections of the Kyiv region.
Kyivstar UkraineKyivstar, boasting a subscriber base of 24.3 million mobile users (more than half of Ukraine’s population) and over 1.1 million home internet subscribers, became the epicenter of this cyber onslaught.

Kyivstar CEO Oleksandr Komarov attributed the attack directly to the ongoing conflict with Russia, indicating that the company’s IT infrastructure had been significantly compromised, describing it as “partially destroyed.”

Speaking on national television, Oleksandr Komarov highlighted the intrusion into cyberspace, stating, “War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war,” revealing that they had to physically shut down Kyivstar to curtail the adversary’s access after failing to counter the attack virtually.

While the source of the attack remains unconfirmed, Ukraine’s SBU intelligence agency is probing potential involvement by Russian security services. However, Russia’s foreign ministry has yet to provide any response or clarification.

Following the cyber attack, Kyivstar announced on Facebook that they had managed to restore some services and anticipated a full recovery by the following day, assuring a gradual restoration of mobile and internet services in Ukraine.

A claim made on Telegram by a Russian hacktivist group, Killnet, asserting responsibility for the attack lacked substantial evidence. Notably, sources close to Kyivstar affirmed that the Ukrainian military remained unaffected by the outage.

This cyber intrusion marks one of the most significant attacks on Ukrainian infrastructure since Russia’s invasion in February 2022. The earlier assault targeted Viasat Inc, resulting in the disruption of satellite internet modems across Europe and severely impeding communication channels in Ukraine during the initial phase of the conflict.

In the aftermath of the Kyivstar outage, panic ensued among citizens in Kyiv, prompting a rush to alternative network providers like Vodafone, Kyivstar’s primary competitor. Testimonies from affected individuals, like 25-year-old PR consultant Dmytro, emphasized the extent of the disruption, citing the complete loss of connectivity and navigation services.

Officials close to Ukraine’s cyber defense agency suspect Russian involvement but have yet to pinpoint a specific group responsible, categorizing the attack as state-driven based on intercepted data cable traffic directed at Ukrainian networks.

Unlike typical financially motivated cyberattacks, this assault focused on destruction rather than ransom, signaling a calculated act of disruption. The ramifications extended beyond telecommunication services, impacting air raid alert systems in over 75 settlements around Kyiv.

Kyivstar’s parent company, Veon, pledged cooperation with law enforcement while working to gauge the financial implications of the attack. CEO Oleksandr Komarov disclosed damage to two customer databases, assuring the public that personal data remained uncompromised and promising compensation to affected customers.

Amidst this chaos, other major Ukrainian entities reported collateral damage from the Kyivstar outage. Monobank faced a distributed denial of service (DDoS) attack, initially causing concerns but ultimately repelled. Additionally, PrivatBank and Oschadbank confirmed disruptions to their ATMs and card terminals.

The recurrent accusations by Ukrainian state bodies and companies of Russia orchestrating cyberattacks underscore the intensifying cyber warfare intertwined with the ongoing geopolitical conflict. The aftermath of this assault unveils vulnerabilities in critical infrastructure and raises concerns about future cyber threats in an already volatile region.