Ukraine’s cyber spy chief believes hackers who knocked Kyivstar’s network offline during December had gained access to some of the company’s systems in May, reports Reuters. Illia Vitiuk, Head of Cybersecurity at Security Service of Ukraine (SBU) also said the attack should serve as a ‘big warning’ to telcos in the West.
During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27.
“For now, we can say securely, that they were in the system at least since May 2023,” he said. “I cannot say right now, since what time they had… full access: probably at least since November.”
The attack was blamed on Sandworm, hackers who work for the cyberwarfare unit of Russian military intelligence. Vitiuk stated that Sandworm had previously been discovered penetrating another Ukrainian comms provider.
The hack succeeded in wiping thousands of virtual servers and personal computers that “completely destroyed the core” of the operator. However, it is not yet fully understood how the hackers were able to compromise Kyivstar’s defenses.



