CyberSecurityBoard
Sponsor Register Login

Ukraine Blames Russian Sandworm Hackers for Kyivstar Attack

Ukraine's security service has attributed the cyber-attack on mobile operator Kyivstar to Russian hacking group Sandworm.
Kyivstar is Ukraine's largest mobile network carrier, the cyber-attack rendered internet access and mobile communications temporarily unavailable for its customers in December 2023.
Illya Vitiuk, head of the Security Service of Ukraine Cyber Security Department, said that several follow-up attacks against Kyivstar were thwarted in the days after the initial incident.
Sandworm, which is believed to be a unit of Russia's military intelligence, has been blamed for numerous cyber-attacks on Ukraine's critical infrastructure.
This includes the notorious attack on Ukraine's power grid in 2015, which left parts of the country without power for several hours.
Following the Russian invasion of Ukraine, Sandworm used novel OT techniques to carry out a disruptive cyber-attack targeting a Ukrainian critical infrastructure organization in late 2022, according to analysis by cyber threat intelligence company Mandiant.
Sandworm has also been linked to the largest-ever attack on critical infrastructure in Denmark, which took place in May 2023.
Vitiuk said that the security service's subsequent investigation found that Sandworm had been in Kyvistar's system since May 2023, gaining full access in November at the latest.
While the Kyivstar attack had a significant impact on the civilian population, Vitiuk said that military communications were not seriously affected.
In a post on the SSU website, the service stated that it has thwarted nearly 9000 cyber-attacks on Ukraine's government resources and critical infrastructure facilities since the start of Russia's invasion.
Mike Newman, CEO of My1Login, said the revelation that Sandworm was present on Kyivstar's network for many months before launching the attack raises big questions about why the attackers were not detected sooner.
William Wright, CEO of Closed Door Security, believes that having spent over six months inside Kyivstar's network, the group will have likely accessed most of the mobile operator's data, which could be used to target the company, its customers and Ukraine going forward.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 04 Jan 2024 16:15:16 +0000


Cyber News related to Ukraine Blames Russian Sandworm Hackers for Kyivstar Attack

Ukraine Blames Russian Sandworm Hackers for Kyivstar Attack - Ukraine's security service has attributed the cyber-attack on mobile operator Kyivstar to Russian hacking group Sandworm. Kyivstar is Ukraine's largest mobile network carrier, the cyber-attack rendered internet access and mobile communications ...
1 year ago Infosecurity-magazine.com
Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
1 year ago Bleepingcomputer.com
CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers - In the two months since Russia-linked hackers attacked Ukraine's largest telecom operator, many questions have emerged about how they gained access to the company's systems and lingered there, likely for months, undetected. During a cybersecurity ...
11 months ago Therecord.media
SBU Cybersecurity Chief Exposes Persistent Hacker Presence in Kyivstar - An attack on Kyivstar, a telco company that has some 24 million users in Ukraine, appears to have been carried out by Russia's Sandworm crew last month. Approximately 24 million users' services were disrupted for a period of several days beginning on ...
1 year ago Cysecurity.news
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack - A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. Kyivstar is Ukraine's largest telecommunications ...
1 year ago Bleepingcomputer.com
Exclusive: Ukraine says joint mission with US derailed Moscow's cyberattacks - On a Wednesday afternoon in late September, the head of the cyber division of Ukraine's intelligence service, Illia Vitiuk, sat down to discuss something that Ukraine had previously kept close to the vest - specifically how much a joint hunt forward ...
1 year ago Therecord.media
Russia's Sandworm blamed for Kyivstar telecom cyberattack The Register - Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar. The attack also reportedly disrupted the air raid alert ...
1 year ago Go.theregister.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
1 year ago Bleepingcomputer.com
The Kyivstar Breach and Its Implications for Global Cybersecurity - In the wake of the devastating cyber-attack on Kyivstar, Ukraine's largest telecommunications service provider, it's time for a blunt conversation in the boardrooms of global enterprises. As someone who has navigated the cybersecurity landscape for ...
11 months ago Cybersecurity-insiders.com
Emulating the Sabotage-Focused Russian Adversary Sandworm- Part 2 - Adversary Emulation PublishedJuly 3, 2024 AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the highly sophisticated Russian adversary Sandworm during various destructive activities against targets in Ukraine and ...
7 months ago Securityboulevard.com
Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike - The notorious unit of Russia's GRU military intelligence agency known as Sandworm remains the only team of hackers to have ever triggered blackouts with their cyberattacks, turning off the lights for hundreds of thousands of Ukrainian civilians not ...
1 year ago Wired.com
Russian Sandworm hackers breached 11 Ukrainian telcos since May - The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023. That is based on a new report by Ukraine's Computer Emergency Response Team citing ...
1 year ago Bleepingcomputer.com
Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns - December's cyberattack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actors dealt a catastrophic blow to the wealthy, privately-owned company, according to Illia Vitiuk, head of the Security Service of Ukraine's ...
1 year ago Darkreading.com
Ukraine's largest mobile carrier Kyivstar down following cyberattack - Kyivstar, Ukraine's largest telecommunications service provider serving over 25 million mobile and home internet subscribers, has suffered a cyberattack impacting mobile and data services. The official website is offline, but the company informed ...
1 year ago Bleepingcomputer.com
23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits - It's been nearly two years since Russia's invasion of Ukraine, and as the grim milestone looms and winter drags on, the two nations are locked in a grueling standoff. If you made some New Year's resolutions related to digital security, check out our ...
1 year ago Wired.com
Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant - Kyivstar experienced a large-scale malfunction in December 2023, resulting in the outage of mobile communications and the internet for about 24 million users for several days. Ilya Vityuk, the chief of the Security Service of Ukraine's cyber security ...
1 year ago Cysecurity.news
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
Russian Hackers Were Inside Ukrainian Telecoms Giant for a year - Russian hackers have been inside Ukrainian telecoms company Kyivstar's system since at least May of last year, causing the most severe cyberattack on Ukrainian networks. Approximately 24 million users could not access services offered by Ukraine's ...
1 year ago Cybersecuritynews.com
New Report Uncovers NikoWiper Malware Used to Attack Ukraine Energy Sector - The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The NikoWiper is based on SDelete, a command line utility from ...
2 years ago Thehackernews.com
Ukraine: Hack wiped 2 petabytes of data from Russian research center - Planeta is a state research center using space satellite data and ground sources like radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme phenomena, and volcanic monitoring. The ...
1 year ago Bleepingcomputer.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com
Ukrainian hackers disrupt internet providers in Russia-occupied territories - Ukrainian hackers have temporarily disabled internet services in parts of the country's territories that have been occupied by Russia. The group of cyber activists known as the IT Army said on Telegram that their distributed denial-of-service attack ...
1 year ago Therecord.media
Russian Sandworm Group Using Novel Backdoor to Target Ukraine - Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ...
9 months ago Infosecurity-magazine.com
Ukraine security services involved in hack of Russia's largest private bank - Ukrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News. Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, ...
1 year ago Therecord.media

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)