therecord.media
Open in
urlscan Pro
2606:4700:4400::ac40:9b4b
Public Scan
URL:
https://therecord.media/kyivstar-cyberattack-telecom-shutdown-ukraine
Submission: On December 13 via api from TR — Scanned from DE
Submission: On December 13 via api from TR — Scanned from DE
Form analysis 1 forms found in the DOM
<form><span class="text-black text-sm icon-search"></span><input type="text" name="s" placeholder="Search…" value=""><button type="submit">Go</button></form>Text Content
This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. Accept * Leadership * Cybercrime * Nation-state * Elections * Technology * Cyber Daily® * Click Here Podcast Go Subscribe to The Record ✉️ Free Newsletter A Kyivstar office in Lviv, Ukraine. Image: Maksym Kozlenko / Wikimedia Commons / CC BY-SA 4.0 Daryna Antoniuk December 12th, 2023 * Technology * News * * * * * Get more insights with the Recorded Future Intelligence Cloud. Learn more. UKRAINE'S LARGEST TELECOM OPERATOR SHUT DOWN AFTER CYBERATTACK This article was updated at 10:40 a.m. EST KYIV — Ukraine’s largest telecom operator, Kyivstar, got hit by a major cyberattack on Tuesday, leaving millions of people without cell service and internet. Kyivstar customers began complaining about network and internet outages in the early morning. The company later reported via Facebook that it got hit by a "powerful" cyberattack that led to a "large-scale technical failure." Customers' data hasn't been compromised, the statement said. Kyivstar's services in Ukraine were still down as of Tuesday afternoon. The company’s CEO, Oleksandr Komarov, said in a video statement that “it is still not completely clear” when the company will restore normal operations. Ukraine's state cybersecurity agency (SSSCIP) told Recorded Future News that the "relevant services," including Ukraine's computer emergency response team (CERT-UA), are investigating the incident. Kyivstar didn't reply to a request for comment. Its parent company, the Netherlands-based VEON, confirmed in a news release that the incident was a “hacker attack.” Sources within Kyivstar told several Ukrainian media outlets that hackers breached “a part of the operator's internal systems” and that the company is working to “launch duplicate systems.” The decision to completely shut down the Kyivstar system was made by security forces and the operator in order to "localize" the impact of the attack, one of the sources said. UKRAINIANS LOOK FOR NEW SIMS Many Ukrainians chose to switch mobile carriers on Tuesday, rather than wait for Kyivstar services to return. Ukraine has three major telecom operators: Kyivstar, with 24 million subscribers; Vodafone, with 19 million; and Lifecell with 8.5 million. Switching to another operator in Ukraine is easy — no contract is needed, and it's relatively cheap (a prepaid SIM card costs about $5). In Ukraine's capital, Kyiv, many people were lining up on Tuesday to buy SIM cards from Vodafone and Lifecell to stay connected. One Kyiv resident, who was affected by the Kyivstar outage, told Recorded Future News that it was hard to figure out how to switch to another operator at first, but she was happy that it worked out because she needs the cellular network to make phone calls for her work. Subscribers of Vodafone and Lifecell were complaining that the services were working slowly. Vodafone and Lifecell have Azerbaijani and Turkish owners, respectively. A Vodafone spokesperson told Recorded Future News that the company saw an increase in new subscribers on Tuesday, while the load on its network increased by 30% and was growing. “The company's engineers work to maintain network availability for all subscribers in such conditions,” Vodafone said. Vodafone services were not targeted by a cyberattack, but the company said it "keeps an eye" on its systems. Lifecell said that some of its services, including the website and mobile app, were temporarily down due to the increased load. Last year, amid blackouts caused by Russian missile strikes, Ukrainian mobile operators introduced a service called "national roaming," allowing subscribers to switch operators when the base transceiver stations (BTS) of others are damaged or disconnected. However, this service was unavailable on Tuesday for Kyivstar subscribers, probably because the problem was not with BTS but with the core of the operator's network, a Lifecell spokesperson told Forbes Ukraine. Several other sources also alleged that the attack probably affected Kyivstar's core network. The core network is the central part of the operator’s telecommunications infrastructure. It connects different regions or countries and routes traffic to external networks, such as the internet and cloud services. The attack on Kyivstar also affected the operations of Ukraine’s largest state-owned bank, PrivatBank. The company said that the work of some of its banks, ATMs, and point-of-sale (POS) terminals used by businesses to process card payments was disrupted because they rely on Kyivstar SIM cards. However, the disruption is not “massive,” the company said. Another Ukrainian bank, Monobank, suffered a distributed denial-of-service (DDoS) attack on its systems on Tuesday but quickly resolved the incident. Ruslan Kravchencko, the head of the regional state administration in Kyiv, also warned that the Kyivstar hack had affected the air raid alert systems that notify residents of Russian missile strikes in the region. The outage impacts 75 small towns and settlements in the Kyiv region, but Kravchencko didn’t mention the city itself. While the alerts system is down, the police and emergency service workers will warn about missile strikes through loudspeakers, he said. POTENTIAL SUSPECT The hacker group behind those attacks is unknown, but fingers point to Russia. Ukraine’s security service (SBU) told Ukrainian media that it suspects Russian intelligence services. The SBU opened criminal proceedings over the cyberattack on Kyivstar. Some of the charges include unauthorized interference in the work of information systems, high treason, and sabotage. Telecom operators and internet providers are an attractive target for hackers of both countries. Vodafone told Recorded Future News that since the start of the war last February, it recorded over 240 cyberattacks on its systems. In an October interview with The Record’s Click Here podcast, Illia Vitiuk, head of the cyber department at the SBU, said there had been “a serious attempt to penetrate one of Ukraine’s telecom operators,” but it was stopped. “This penetration could lead to eavesdropping, listening to phone calls of our people, reading messages,” Vitiuk said. “And if one of [the companies] is out of operation, the other two won't be able to operate because they will be overloaded.” Last March, Russian hackers disrupted web traffic from major Ukrainian internet service provider Ukrtelecom, causing one of the most widespread internet outages since Russian troops invaded Ukraine. Russian communication services are also under attack. Ukrainian hacktivists are consistently targeting small internet providers in the occupied parts of Ukraine. In June, a group of previously unknown hackers claimed responsibility for a cyberattack on the Russian satellite communications provider Dozor-Teleport, which is used by energy companies and the country's defense and security services. * * * * * Tags * Ukraine * telecom * internet outages * Kyiv * SIM Previous articleNext article Nearly 130,000 affected by ransomware attack on cold storage company Americold FCC reminds mobile phone carriers they must do more to prevent SIM swaps DARYNA ANTONIUK Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post. BRIEFS * Ukraine’s intelligence claims cyberattack on Russia’s state tax serviceDecember 12th, 2023 * FCC reminds mobile phone carriers they must do more to prevent SIM swapsDecember 12th, 2023 * Long-running Clearview AI class action biometric privacy case settlesDecember 11th, 2023 * Alleged leader of Kelvin Security hacker gang arrested in SpainDecember 11th, 2023 * TV service in UAE hacked to show alleged atrocities in PalestineDecember 11th, 2023 * More evidence of Russian intelligence exploiting old Outlook flawDecember 8th, 2023 * Leader of Russian hacktivist group Killnet ‘retires,' appoints new headDecember 8th, 2023 * Russian opposition activists use QR codes to spread anti-Putin messagesDecember 7th, 2023 * Russian citizen pleads guilty to operating Bitzlato crypto exchange used by cybercriminalsDecember 7th, 2023 OBFUSCATION AND AI CONTENT IN THE RUSSIAN INFLUENCE NETWORK “DOPPELGÄNGER” SIGNALS EVOLVING TACTICS Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics CRYPTO COUNTRY: NORTH KOREA’S TARGETING OF CRYPTOCURRENCY Crypto Country: North Korea’s Targeting of Cryptocurrency AS BLACK FRIDAY APPROACHES, 3 KEY TRENDS OFFER INSIGHTS FOR MITIGATING ONLINE SHOPPING SCAMS As Black Friday Approaches, 3 Key Trends Offer Insights for Mitigating Online Shopping Scams IMPROVING AUTOMATION AND ACCESSIBILITY DRIVE $100 BILLION IN PROJECTED AD FRAUD LOSSES Improving Automation and Accessibility Drive $100 Billion in Projected Ad Fraud Losses CHARTING CHINA’S CLIMB AS A LEADING GLOBAL CYBER POWER Charting China’s Climb as a Leading Global Cyber Power * * * * * Privacy * About * Contact Us © Copyright 2023 | The Record from Recorded Future News