Kyivstar telecom cyberattack

On 12 December 2023, Kyivstar, Ukraine’s largest communications provider, serving over 24 million mobile phones, was targeted by a Russian cyberattack. Russian hackers had infiltrated Kyivstar’s system in March, months before the attack. Investigations are ongoing, but cybersecurity experts believe that the attack consisted of phishing and malware deployment in concert with a compromised employee of the company.


Impact

The attack affected air raid warning systems, including in the city of Sumy, in the north-east of Ukraine. The country’s largest bank, PrivatBank, reported cash machines not working. Kyivstar customers were left without phone or internet access for multiple days, preventing them from receiving important air raid alerts and information on Russian attacks. Hospitals and public transportation in Kyiv were thrust into chaos. The effects of the attack can be broken down into civilian panic and confusion, financial cost, and data destruction.


Attribution

The Ukrainian secret service (SBU) attributed the attack to Sandworm, a hacker group linked to Russia’s GRU. Solntsepek, a hacker group associated with Sandworm, claimed responsibility in a post on Telegram. President Zelensky’s concurrent visit to the US is considered a potential trigger for the Kremlin’s command to attack.


Lessons

Kyivstar invested $90 million into infrastructure repairs and enhancing cybersecurity measures.

Other Wi-Fi and mobile service providers were encouraged by the Ukrainian government to make their networks accessible to all users.

Continuous cybersecurity education and mandatory phishing training for employees.

Strengthening national cybersecurity laws aligned with European standards to enforce compliance by private telecoms companies.

Enhancing public–private partnerships and international intelligence-sharing to access real-time threat data and coordinated defence capabilities.
