
Russian hackers were in Kyivstar system for months - Reuters

Russian hackers have been in the Kyivstar system since at least May last year. 


Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year. The hacking of the company's system was a warning not only for Ukraine but also for other countries.

"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," Reuters writes, citing Illya Vityuk, head of the SBU's cybersecurity department.

The attack wiped "almost everything", including thousands of virtual servers and PCs, Vityuk said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator."

During the investigation, the SBU found that the hackers had probably attempted to penetrate Kyivstar before.

"For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November."

The SBU assessed that, with the level of access they gained, the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS messages and perhaps steal Telegram accounts, he said. However, according to the publication, no leaks of personal or subscriber data have been revealed so far.

Vityuk said the SBU helped Kyivstar restore its systems within days and repel new cyberattacks.

"After the major break there were a number of new attempts aimed at dealing more damage to the operator," he said.

Also, according to the SBU cybersecurity chief, the attack had no big impact on Ukraine's military, which did not rely on telecoms operators and made use of what he described as "different algorithms and protocols".

"Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn't affect us strongly," he said.

He said SBU investigators were still working to establish how Kyivstar was penetrated and what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else. If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal password hashes. Samples of that malware have been recovered and are being analysed, he added.

Vityuk said the pattern of behaviour suggested telecoms operators could remain a target of Russian hackers. The SBU thwarted over 4,500 major cyberattacks on Ukrainian governmental bodies and critical infrastructure last year, he said.
