In the morning of Tuesday, December 12, 2023, the Ukrainian news outlet Hromadske reported an ongoing outage affecting Kyivstar, the largest mobile network operator in Ukraine and a subsidiary of the Netherlands-based telecommunications operator Veon.
Ukrainian government sources attributed the event to a Russia-nexus cyber attack. This hypothesis found confirmation in a Telegram post that the Russian-aligned Killnet distributed denial of service (DDOS) group shared shortly after the event. However, as noted by international press, including Reuters, Killnet provided no evidence of their involvement. There are suspicions the attacker may be a more sophisticated state-sponsored group, which, nonetheless, remains to be identified.
The President of Kyivstar, Oleksandr Komarov, stated that the attackers managed to breach the operator's cybersecurity through a compromised account belonging to one of the employees.
The immediate impact of the event included:
Disruption of the mobile network connectivity for all customers within 75 settlements surrounding the Ukrainian capital Kyiv. There were immediate physical security ramifications for this event as individuals were barred from receiving application-based notifications of potential air raids.
A number of banking networks were reportedly unavailable.
Limited disruption of radar detection capability. Nonetheless, the Ukrainian military is believed to be largely unaffected.
To reduce the scale of destroyed data, the company physically disconnected the connection.
On the evening of December 13, Kyivstar announced that the team had commenced the restoration of voice communication nationwide across Ukraine. The rest of the services are scheduled to be resumed within 24 hours.
Numerous sources allege that Kyivstar is owned by sanctioned Russian oligarchs Mikhail Fridman, Pyotr Aven, and Andrei Kosogov through Veon Holding. However, Oleksandr Komarov as well as Veon press-release from October, 2023 denied this information.
The Kyvistar event occurred the day after the Ukrainian Military Intelligence disclosed they compromised servers of the Russian Federal Taxation Service leading - according to the Ukranian government sources - to a breakdown in communication between Moscow's central office and the 2,300 territorial departments. The timing may suggest a correlation between the 12 and 13 December events. However, the Ukrainian General Intelligence Directorate denied the connection, as both of these attacks are quite prolonged in the context of preparation and execution.
While cyberwarfare unfolds in Ukraine, the country alongside 12 NATO and non-NATO countries - Hungary, Turkey, Australia, Poland, Belgium, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia and Romania - keep being targeted in an APT28 ("FancyBear")-attributed espionage campaign delivering the HeadLace backdoor.
Image Credits: Sergei Chuzavkov / AFP / Getty Images