Russian hackers were in Kyivstar's system for months - SBU
According to the head of the SBU cyber security department, hackers could steal personal information, locate phones, and intercept SMS messages.
Russian hackers have been in the system of the Ukrainian operator Kyivstar for months. The cyberattack in December should serve as a "big warning" to the West, the head of the SBU cyber security department, Ilya Vityuk, told Reuters in an interview.
In the interview, Ilya Vityuk revealed details of the hack, which he said caused "catastrophic" damage and was intended to deal a psychological blow and gather intelligence.
This attack is a big message, a big warning not only for Ukraine but also for the entire Western world so that they realise that no one is really untouchable," Ilya Vityuk said.
He said the attack destroyed "almost everything", including thousands of virtual servers and PCs, and described it as probably the first example of a devastating cyberattack that "completely destroyed the core of a telecom operator".
The SBU investigation found that hackers probably tried to infiltrate Kyivstar in March or earlier, Vityuk said in an interview.
At the moment we can say with certainty that they have been in the system since at least May 2023. I can not now say from what time they had full access: probably at least since November - he said.
It is noted that the SBU estimates that the hackers could steal personal information, locate phones, intercept SMS messages and possibly steal Telegram accounts.
Vityuk said the SBU helped Kyivstar restore its systems in a matter of days and fend off new cyberattacks.
After a serious interruption, a number of new attempts were made to cause more damage to the operator," he said.
The cyber attack has reportedly caused people to rush to buy other SIM cards, creating large queues. ATMs that use Kyivstar SIM cards to access the Internet stopped working, and the air-raid siren used during missile and drone attacks did not work properly in some regions.
According to Vityuk, the attack had little impact on the Ukrainian army, which did not rely on telecom operators and used, in his words, "different algorithms and protocols".
We shall remind you that as a result of the cyberattack, a large-scale disruption in the work of the mobile operator Kyivstar occurred on the morning of 12 December.