By:
Dec 13, 2023NewsroomCyber Attack / Geopolitics
Ukraine’s biggest telecom operator Kyivstar has become the victim of a “powerful hacker attack,” disrupting customer access to mobile and internet services.
“The cyberattack on Ukraine’s #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air raid alert network and banking sector as work continues to restore connectivity,” NetBlocks said in a series of posts on X (formerly Twitter).
Kyivstar, which is owned by Dutch-domiciled multinational telecommunication services company VEON, serves nearly 25 million mobile subscribers and more than 1 million home internet customers.
UPCOMING WEBINAR Beat AI-Powered Threats with Zero Trust – Webinar for Security Professionals Traditional security measures won’t cut it in today’s world. It’s time for Zero Trust Security. Secure your data like never before. Join Now
The company said the attack was “a result of” the war with Russia and that it has notified law enforcement and special state services. While Kyivstar is working to restore the services, the internet watchdog noted that the telco is largely offline.
That said, Kyivstar has yet to provide details about the nature of the attacks and what caused the shutdown. There is no evidence that the personal data of subscribers has been compromised in the incident.
“After stabilizing the network, all subscribers and corporate clients who as a result of a hacking attack could not use the services of the company, will definitely receive compensation,” Kyivstar said in an update posted on Facebook.
Source: NetBlocks
It’s also urging users to be on the lookout for scams aiming to trick users into sharing their personal details and that “news about compensation and the timing of the network restoration will come exclusively from the company’s official pages.”
The pro-Russia hacktivist group KillNet claimed responsibility for the attack on Telegram, but did not offer any additional evidence to back its claims.
KillNet is coming off a few chaotic weeks of its own after the Russia-based Gazeta.ru unmasked the real-world identity of its leader — who goes by the online alias KillMilk — as Nikolai Serafimov, a 30-year-old Russian citizen. KillMilk has since announced his retirement, appointing in his place a new head named “Deanon Club,” who has claimed that “there will be a large-scale recruitment for the KillNet team, on all fronts” with the goal of striking government financial facilities, encryption firms, and the gambling sector.
The development also comes as the Defence Intelligence of Ukraine (GUR) revealed that it hacked into Russia’s Federal Taxation Service (FNS) servers and wiped all its data.. Office.ed-it.ru, a Russian IT company that served as a database for the FNS, was also reportedly affected by the attack.

“During the special operation, military intelligence officers managed to infiltrate one of the well-protected key central servers of the Federal Tax Service (FTS of the Russian Federation), and then more than 2300 of its regional servers throughout Russia, as well as on the territory of the temporarily occupied Crimea,” the agency said.
Last month, GUR announced that it was behind a cyber assault against the Russian government’s Federal Air Transport Agency (FATA), which is also known as Rosaviatsia. The attack allowed it to access “a large volume of confidential documents,” including a list of daily reports spanning more than a year and a half, it said.
However, Anton Gorelkin, a Russian politician and lawmaker, said in a message on Telegram that the attack on FNS is fiction, adding it is an attempt on part of the Ukrainian government to “respond to their problems with Kyivstar.”
Update
Kyivstar, in a follow-up post, said its “specialists and partners have done their best to restore the network from the consequences of the cyber attack,” and that data and SMS services are expected to go live over the next 24 hours.
In the interim, another Russia-linked hacking group called Solntsepyok took to Telegram to “take full responsibility for the cyber attack on Kyivstar,” adding it “destroyed 10,000 computers, more than 4,000 servers, all cloud storage and backup systems.”
The group also said it attacked the telecom service provider owing to the fact that it offers communications to the Armed Forces of Ukraine, as well as state bodies and law enforcement agencies in the country.
The State Special Communications Service of Ukraine (SSSCIP) described Solntsepyok as a Russian advanced persistent threat (APT) with likely ties to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.