An unprecedented cyberattack paralyzes the leading mobile operator

More than 25 million Ukrainians have been unable to make telephone calls or connect to mobile Internet since Tuesday, December 12. A cyberattack of unprecedented scale has blocked the network of Kyivstar, the main Ukrainian mobile operator, which points the finger at a group of hackers linked to Russian military intelligence. The date is undoubtedly no coincidence: it corresponds precisely to the arrival in the United States of President Volodymyr Zelensky, who came to plead urgently for the continuation of American aid to his country.

From the first hours of the outage, throughout Ukraine, long lines formed in front of the stores of competing operators. Then, very quickly, in Kyiv, getting a subscription with another mobile operator became impossible. Since the start of the Russian invasion in February 2022, subscribers have been able to switch from one operator to another in the event of a failure. But, faced with the threat of an extension of the cyberattack, Kyivstar turned everything off itself in order to limit the damage. It was only on the third day that the operator began to restore its services “gradually, in order to respect security protocols”.

The company’s president, Oleksandr Komarov, said on Wednesday that “the enemy was able to penetrate the heart of the company’s infrastructure” by relying on an employee’s account, thus suggesting that an employee’s computer access (VPN credentials, for example) was stolen by hackers to get into the company network. Personal data, he added to reassure his subscribers, was not stolen by the hackers.

Oleksandr Komarov, CEO of the Ukrainian mobile operator Kyivstar, in Kyiv, December 13, 2023.

The day before, on Tuesday, the Ukrainian security services, in a statement, blamed the attack on a group of hackers working under the orders of the Russian Military Intelligence Directorate (GRU).

A front for the GRU

A group named Solntsepiok (“Cooked by the Sun” in Russian, a reference to a thermobaric weapon in the Russian arsenal) did claim responsibility for the attack on Wednesday. “We attacked Kyivstar because the company provides its services to the Ukrainian armed forces, as well as government agencies and law enforcement agencies of Ukraine,” the message states, accompanied by screenshots proving the penetration of Kyivstar’s computer system.

The digital technology news site dev.ua reports that Solntsepiok has already carried out cyberattacks targeting Ukraine, including the malicious disclosure of personal data of Ukrainian military personnel (“doxxing”, in computer jargon). The group is accused of being a front not only for the GRU but for Sandworm, a well-known separate GRU unit.
