An attack on Kyivstar, a telco company that has some 24 million users in Ukraine, appears to have been carried out by Russia's Sandworm crew last month.
Services for approximately 24 million users were disrupted for several days beginning on December 12, after an intrusion that had been under way since at least May of the previous year.
The attack was widely viewed as one of the most significant cyberattacks since Russia invaded Ukraine nearly two years ago.
The intrusion destroyed thousands of virtual servers and PCs. It is also reported that the attack disrupted some banking services in Kyiv and the air raid alert system in the region.
In the same week as the attack on the Ukrainian capital, two separate missiles struck, injuring at least 53 people and causing significant damage to homes, a children's hospital, and a medical centre.
According to Vitiuk, the Kyivstar hackers entered the network sometime between May and November 2023, if not earlier.
The attackers would have had access to customer information, phone location information, SMS messages, and possibly Telegram account credentials if they had been successful in carrying out this attack.
As Vitiuk points out, the attacker is believed to have been Sandworm, which is the state-controlled hacker group that attacked earlier this month.
According to Vitiuk, the hackers wiped out thousands of virtual servers and personal computers.
Earlier this week, Kyivstar's CEO Oleksandr Komarov claimed that the attackers had managed to destroy some functions in the company's core network, which serves as the main structure of the company's communication network.
Many hackers are still trying to damage Kyivstar after the major cyberattack, Vitiuk said, and there have been several new attempts against the operator since then.
The Ukrainian telecom company reported that it suffered billions in losses in Ukraine's national currency as a result of the cyberattack, according to Komarov in an interview he gave in December.
It is a telecom provider that has nearly 24 million subscribers across Ukraine.
There were several technical difficulties with the company's service in Ukraine and abroad before the company was able to restore all of its services on December 20.
Apart from cutting off Ukrainians from the mobile internet and cellular network, the attack also disrupted air raid sirens, some banks, ATMs and point-of-sale terminals.
According to Vitiuk, Russian hackers continue to treat telecom operators as potential targets.
Mandiant has alleged that Sandworm was the cause of the blackouts that occurred in Ukraine in October 2022, which were previously attributed to missile strikes.
Strikes against Ukraine's electrical grid were one of the causes of some of the blackouts that occurred.
According to Hultquist, Sandworm has been responsible for several electronic blackouts in Ukraine, but its reach extends across the entire globe.
A number of their attackers have also been tied to the global NotPetya attack - one of the most expensive cyberattacks in history.
This Cyber News was published on www.cysecurity.news. Publication date: Sun, 07 Jan 2024 14:13:05 +0000