Millions of Ukrainians are without mobile and internet services for a second day after a massive cyber-attack disabled Kyivstar, the country’s main telecommunications operator.

What happened?

On Tuesday morning, some 24.3 million people in Ukraine – over half the country’s population – found themselves without any mobile signal, a serious issue in a country where many rely on mobile phones for air raid alerts and information on Russian attacks.

Additionally, shops throughout the country were unable to process credit payments, many ATMs could not function and even the automatic control of street lighting in Lviv failed.

What was the cause?

It soon became clear Kyivstar had been victim of a cyber-attack and as they looked into it, the scale and seriousness of the damage caused became apparent.

Advertisement

Kyivstar CEO Oleksandr Komarov, told Kyiv Post: “It was a well-planned and professional attack from all perspectives – not only from the cyber angle but also from the telecoms perspective.

“It’s an enormous hit on the infrastructure.”

As for how the attack was achieved, Komarov said technicians had discovered “a perimeter vulnerability which was used by hackers.”

What’s the scale of the damage?

Pretty massive. In an earlier interview with Ukrainian TV, Komarov said Kyivstar’s IT infrastructure was “significantly damaged” and as the attack could not be countered virtually, they “physically disconnected Kyivstar from the network.”

Russia Imposes Forced Enlistment in Occupied Ukraine Contrary to International Law
Other Topics of Interest

Russia Imposes Forced Enlistment in Occupied Ukraine Contrary to International Law

While Ukrainians protest against forced mobilization, Russia has begun to force young people from the occupied territories into its armed forces - another violation of the Geneva Convention.

When will it be fixed?

Speaking to Kyiv Post late on Tuesday evening, Komarov said the “best-case scenario” would be the resumption of normal service at some point on Wednesday.

He added: “This is the best-case scenario because on the way we are discovering new issues. 

“This is the first problem. The second problem is that we should ensure that in the recovery process, we don’t leave any vulnerabilities open for the enemy.

Advertisement

“Once again, to be transparent and fair – there are a lot of bottlenecks and a lot of surprises on the way.”

On Wednesday morning, the company announced it had partially restored some fixed-line communications.

Komorav said he did not have a worst-case scenario timeline but added: “We will have a little more clarity on Wednesday.

Komarov was also keen to reassure both customers and investors about how the situation is being handled.

“As a public company, we’re reporting our current status and our efforts to the open market,” he said.

“My conversation with you, for example, is part of the obligation I have as CEO of a public company.”

Who was behind the attack?

Obviously, Russia is the main suspect and the scale of that attack almost certainly indicates it was a state actor.

A security source told Reuters that data cable interception showed “a lot of Russian-controlled traffic directed at these networks.”

Ukraine, with the help of international partners, has been successfully fending off Kremlin cyber-attacks for years.

The frequency of attacks escalated following the launch of Russia’s 2022 full-scale invasion but this week’s attack was its first successful major hack.

Advertisement

Komarov said: “For me, it’s [part of the] war. It’s a cyber war against critical infrastructure.”

Ukraine’s SBU security service said it had opened a criminal investigation and sent agents to the company’s offices.

“The special services of the Russian Federation may be behind this hacker attack,” the SBU said in a statement.

Has anyone claimed responsibility?

On Wednesday morning, a Russian hacker collective called Solntsepek claimed responsibility, saying in a post on Telegram: “We, the Solntsepek hackers, take full responsibility for the cyber-attack on Kyivstar.

"We attacked Kyivstar because the company provides communications to the Armed Forces of Ukraine, as well as government agencies and law enforcement agencies of Ukraine.

“The rest of the offices helping the Armed Forces of Ukraine, get ready!”

The group also claimed to have destroyed a large number of computers and servers but Kyivstar in a statement denied this was true.

Was it them?

That’s sort of a moot question when it comes to Russian hacker groups, which mostly work under the direction of or at least with the implicit approval of the Kremlin.

Were the Armed Forces of Ukraine affected?

Advertisement

The land forces’ operations have not been impacted, Kyivstar spokesman Volodymyr Fityo said.

“There are some inconveniences for civilians, but it does not matter at all for the military,” he said on television.

What prompted the attack?

Disabling infrastructure in Ukraine and attempting to cause general chaos has been a goal of Russia for a long time so there might not have been a specific factor in the timing of the attack.

But there are possibilities, though it’s impossible to say right now if any of them were in play.

“There are plenty of reasons that could be behind the attack on Kyivstar,” Komarov said.  “Our exit from Russia, our patriotic position is one of them, our critical infrastructure status is another.

“President Zelensky visiting the US could also be a trigger for such an attack.”

To suggest a correction or clarification, write to us here
You can also highlight the text and press Ctrl + Enter