December's cyberattack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actors dealt a catastrophic blow to the wealthy, privately-owned company, according to Illia Vitiuk, head of the Security Service of Ukraine's cybersecurity department.
In a new interview, he issued a warning to organizations across the West - they could be next.
The breach by Russian-backed threat actors, who Vitiuk said investigators suspect are linked to the group Sandworm, managed to black out communications for more than 24 million Kyivstar users across Ukraine for about four days, starting Dec. 12.
Besides causing communications chaos across Ukraine, the cyberattackers were able to exfiltrate loads of personal data about Kyivstar users, including device location data, SMS messages, and, potentially, data that could lead to Telegram account takeover, Vitiuk said.
Ukraine's military activities were not impacted in the Kyivstar cyberattack, he added.
Investigations into the Kyivstar breach revealed the threat group was able to gain initial access through a company insider, Vitiuk said.
Vitiuk also noted that analysis of malware samples from the cyberattack is ongoing.
By Dec. 20, Kyivstar's operations were fully recovered with the help of the SBU. Around the same time, Ukraine retaliated with a cyberattack on Moscow-based water utility Rosvodokanal, which reportedly demolished the organization's IT infrastructure.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 04 Jan 2024 20:00:23 +0000