The massive outage of Ukrainian mobile and internet provider Kievstar on December 12 last year has now been blamed by the Ukrainian Security Service (SBU) on the Russian state-sponsored Sandworm group.
The attack resulted in a total outage of Kyivstar-provided networks, including a number of early warning attack systems, and caused an increase in traffic on other network providers in Ukraine as people sought alternative connectivity options.
It has now been established that the group remained within the Kievstar network since May 2023.
A broader warning for NATO
The attack also targeted Kievstar's computer networks, deleting data from thousands of servers and causing widespread long-term damage to network operators' infrastructure. Speaking in one interviewSBU head Illia Vitiuk said the attack “completely destroyed the core of a telecom operator.”
“For now, we can say with certainty that they have been in the system since at least May 2023. I can't say now, since what time they had… full access: probably at least since November.”
Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, told Ny Breaking that “reports of the destruction of Kievstar's virtual infrastructure coincide with reports of air raid sirens malfunctioning in Kiev, as well as payment terminals and multiple banks being disrupted , and reported problems with payment for public transport.”
“Since the beginning of the conflict, Russian cyber operators have conducted intrusion operations for espionage, information operations and destructive purposes against Ukrainian targets. An overarching motivation for the adversary is to contribute to psychological operations aimed at degrading, delegitimizing, or otherwise influencing public trust in state institutions and sectors such as government, energy, transportation, and media.”
It is suggested that the attack is part of Russia's wider hybrid warfare, in which the Kremlin's traditional military strikes are paired with cyber and psychological attacks. An example of this is the Russian missiles, suicide drones and cyber attacks aimed at Ukraine energy infrastructure in the winter of 2022-2023 in an attempt to erode morale and Ukrainian public support for the war.
Such attacks highlight the potential dangers that the Kremlin and its associated cybercriminal enterprises pose to NATO. Last year, British Deputy Prime Minister Oliver Dowden spoke suggested that people should stock up on battery-powered radios, flashlights and first aid kits, with Russia and cyber-attacks identified as potential threats to Britain.