Russia's Sandworm blamed for Kyivstar telecom cyberattack (The Register)

Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar.
The attack also reportedly disrupted the air raid alert systems in parts of Kyiv and some banking services.
That same week, two separate missile attacks pelted the Ukrainian capital, injuring at least 53 people and damaging homes and a children's hospital.
The Kyivstar hackers broke into the network in May 2023, if not earlier, according to Vitiuk, and gained full access by November.
This would have given the attackers access to customer information, phone location data, SMS messages, and potentially Telegram account credentials.
This is the crew that carries out espionage, hack-and-leak, data wiping and influence campaigns - along with a host of other illicit activities - on behalf of Russia's GRU military intelligence unit.
Kyivstar's CEO Oleksandr Komarov declared the provider's services were fully restored as of December 20.
Private-sector threat analysts told The Register that the attack is significant in that it wasn't only used for espionage purposes, but also for hybrid warfare.
This military surveillance, combined with the psychological effects of cutting off Ukrainians' phone and internet services for days, shows that Russia will continue to use offensive cyber attacks to augment the kinetic war, according to Adam Meyers, head of Counter Adversary Operations at CrowdStrike.
CrowdStrike, he added, also believes that Sandworm, and its affiliate Solntsepek, is responsible for the attack.
Solntsepek previously claimed to be behind the Kyivstar attack, and CrowdStrike tracks Sandworm as VooDoo Bear.
This includes at least eight attacks against public and private organizations in Ukraine between April and August 2023, according to Meyers.
Between July and September 2023, the gang added data-wiping malware to their claims, and bragged they hit an additional 11 targets, Meyers added.
Western countries should heed Ukraine's advice, and treat the Kyivstar hack as a warning, said John Hultquist, chief analyst at Google's Mandiant Intelligence group.
Mandiant has also blamed Sandworm for blackouts in Ukraine in October 2022, previously believed to be caused by missile strikes.
Some of the blackouts were caused by strikes on Ukraine's electrical grid.
A seemingly coordinated cyber attack on one of the country's power plants also played a role, according to the threat hunters.


This Cyber News was published on go.theregister.com. Publication date: Fri, 05 Jan 2024 08:13:05 +0000

