January 4, 2024 at 03:03PM
In a recent interview, Illia Vitiuk, head of Ukraine’s SBU cybersecurity department, revealed that the Russian-backed cyberattack on Kyivstar caused extensive damage, impacting 24 million users and potentially resulting from an insider job. Vitiuk warned that Western organizations are also at risk and cautioned that this attack sends a strong message to the entire world.
Key takeaways from the meeting notes are as follows:
1. The cyberattack on Ukrainian telecommunications operator Kyivstar in December 2023, carried out by Russian-backed threat actors, resulted in a significant impact on the company, causing communication outages for more than 24 million users across Ukraine for about four days.
2. The breach, suspected to be the work of the group Sandworm, resulted in extensive damage to Kyivstar’s systems, with the threat actors potentially having access since May 2023. The incident was described as a warning to the Western world, emphasizing that no organization is untouchable.
3. The cyberattack also involved the exfiltration of personal data about Kyivstar users, including device location data, SMS messages, and potential data that could lead to Telegram account takeovers. However, Ukraine’s military activities were not impacted by the attack.
4. Insider involvement was identified as a contributing factor to the breach, and ongoing analysis of malware samples from the cyberattack is being conducted.
5. With assistance from the Security Service of Ukraine (SBU), Kyivstar’s operations were fully recovered by December 20. Additionally, Ukraine responded with a cyberattack on Moscow-based water utility Rosvodokanal, reportedly causing significant damage to its IT infrastructure around the same time.
These key points provide a comprehensive overview of the significant cyber incidents involving Kyivstar and the subsequent response from both Ukrainian and Russian organizations.