Russian hackers had secret access to the Ukrainian telecom giant for months

Ukrainian cybersecurity authorities have announced that the Russian state-sponsored threat actor known as Sandworm has been in the systems of telecom operator Kyivstar since at least May 2023.

The development was first reported by Reuters.

The incident, described as a “powerful hacker attack”, first came to light last month, disabling access to mobile and internet services for millions of customers. Shortly after the incident, a Russia-linked hacking group called Solntsepyok took responsibility for the breach.

Solntsepyok is considered a Russian threat group linked to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), which also operates Sandworm.

The advanced persistent threat (APT) actor has a track record of orchestrating disruptive cyber attacks, with Denmark accusing the hacking group of attacking 22 companies in the energy sector last year.

Illia Vitiuk, head of the cybersecurity department of the Security Service of Ukraine (SBU), said the attack on Kyivstar wiped out almost everything from thousands of virtual servers and computers.

The incident, he said, “completely destroyed the core of a telecom operator,” noting that the attackers likely had full access since at least November, months after gaining an initial foothold in the company’s infrastructure.

“The attack was carefully planned over many months,” Vitiuk said in a statement shared on the SBU website.

Kyivstar, which has since restored its operations, said there is no evidence that subscribers’ personal data was compromised. It is currently unknown how the threat actor entered its network.

It’s worth noting that the company had previously dismissed speculation about the attackers destroying its computers and servers as “fake”.

The development comes as the SBU revealed earlier this week that it had disabled two online surveillance cameras that were allegedly hacked by Russian intelligence services to spy on the armed forces and critical infrastructure in the capital, Kyiv.

The agency said the compromise allowed the adversary to remotely control the cameras, adjust their viewing angles and connect them to YouTube to capture “all visual information within the camera’s range.”

