The Security Service of Ukraine (SBU) is actively gathering evidence on Russian intelligence hackers responsible for the cyberattack on Kyivstar in December 2023. SBU cybersecurity chief Illia Vitiuk mentioned in an interview that they will be passing the materials to the International Criminal Court (ICC) for further action. The attack targeted Kyivstar, resulting in internet and network outages as well as issues with air raid alerts across the country. The SBU linked the attack to SandWorm, a unit of Russia’s military intelligence agency, the GRU, based on their specific “handwriting” and “specially created software products” used during the attack. The damages caused by the cyberattack amounted to Hr 3.6 billion ($93 million) according to VEON, Kyivstar’s parent company.
In the investigation, it was revealed that Russian hackers likely gained access to Kyivstar’s cybersecurity as early as May 2023, with full access obtained in November before the December attack. This evidence suggests a prolonged period of infiltration and preparation by the hackers before the actual cyberattack took place. The SBU cybersecurity chief emphasized the need for thorough examinations on the suffered losses and affected systems, as a large amount of information from both virtual and physical servers were destroyed, and computers wiped completely. International partners and intelligence services have been approached for further information and collaboration in the investigation, with official charges set to be announced soon based on the collected evidence.
The SBU cybersecurity chief highlighted the importance of holding the perpetrators accountable for the cyberattack on Kyivstar, which had significant economic impacts and disrupted critical services across Ukraine. By identifying and linking the Russian hacker group Solntsepek to SandWorm, Ukraine aims to seek justice through legal channels such as the International Criminal Court in The Hague. The damages incurred by the cyberattack included costs for restoring services, replacing lost equipment, and compensating external consultants and partners. The investigation into the attack continues as Ukraine seeks to address the cybersecurity threats posed by foreign actors and ensure the protection of its critical infrastructure.
The involvement of Russian intelligence hackers in the cyberattack on Kyivstar highlights the ongoing security challenges faced by Ukraine in the digital realm. The SBU’s efforts to gather evidence and collaborate with international partners demonstrate a commitment to combating cyber threats and holding those responsible accountable for their actions. The prolonged access gained by the hackers to Kyivstar’s systems before the attack underscores the need for enhanced cybersecurity measures and vigilance against potential infiltrations. By bringing the case to the ICC, Ukraine seeks to address the broader implications of cyber warfare and advocate for stronger international cooperation in addressing cyber threats.
The cyberattack on Kyivstar serves as a reminder of the evolving nature of cyber threats and the importance of proactive cybersecurity measures to safeguard critical infrastructure and data. The identification of SandWorm and the Russian hacker group Solntsepek as responsible parties sheds light on the tactics and capabilities of state-sponsored cyber actors and the need for robust defenses to counter such attacks. As Ukraine continues to investigate the cyberattack and pursue legal action against the perpetrators, the incident underscores the complexities of cybersecurity in a digital age and the necessity of international collaboration to address threats that transcend national borders.
Support for independent journalism in Ukraine is essential in covering events like the cyberattack on Kyivstar and shedding light on the actions of state-sponsored hackers targeting critical infrastructure. By joining the fight for independent journalism and supporting initiatives that seek to expose cyber threats and hold perpetrators accountable, individuals can contribute to efforts to strengthen cybersecurity measures and protect against future attacks. The case of the cyberattack on Kyivstar underscores the need for collective action in addressing cyber threats and defending against malicious actors seeking to disrupt vital services and systems.
