The aftermath of the Kyivstar cyber attack is a warning for us all

Russia
(Image credit: Shutterstock)

The mass outage of Ukrainian mobile and internet provider Kyivstar on December 12 last year has now been attributed to the Russian state-sponsored Sandworm group by Ukraine’s Security Service (SBU).

The attack resulted in a total outage of the networks provided by Kyivstar, which included a number of early-warning attack systems, and caused a surge in traffic on other network providers in Ukraine as people sought alternative means of connectivity.

It has now been determined that the group were lingering inside the Kyivstar network from as early as May 2023.


Reader Offer: Save up to 68% on Aura identity theft protection

Reader Offer: Save up to 68% on Aura identity theft protection
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal. Save up to 50% today. 

 Preferred partner (What does this mean?) 

A wider warning for NATO

The attack also targeted Kyivstar’s computer networks, deleting the data from thousands of servers and causing widespread long term damage to the network operators infrastructure. Speaking in an interview, the head of the SBU Illia Vitiuk said that the attack “completely destroyed the core of a telecoms operator."

“For now, we can say securely, that they were in the system at least since May 2023. I cannot say right now, since what time they had ... full access: probably at least since November.”

Adam Meyers, head of Counter Adversary Operations at CrowdStrike told TechRadar Pro that, “Reports around the destruction of Kyivstar’s virtual infrastructure coincide with reports of air raid sirens in Kiev malfunctioning, as well as payment terminals and multiple banks suffering disruption, and issues reported with payment for public transportation.”

“Since the onset of the conflict, Russian cyber operators have conducted intrusion operations for espionage, information operations, and destructive purposes against Ukrainian targets. An overarching motivation for the adversary is to contribute to psychological operations seeking to degrade, delegitimize, or otherwise influence public trust in state institutions and sectors such as government, energy, transportation and media.”

The attack is suggested to be a part of Russia’s wider hybrid warfare tactics, where the Kremlin’s traditional military attacks are accompanied by cyber and psychological attacks. One such example is Russia’s missile, suicide drone and cyber attacks targeting Ukraine’s energy infrastructure in the winter of 2022-23 in an effort to erode morale and support of Ukraine’s general public for the war.

Such attacks highlight the potential dangers posed to NATO from the Kremlin and its affiliated cyber criminal enterprises. Last year, UK deputy prime minister Oliver Dowden suggested that people should stock up on battery powered radios, torches and first aid kits, listing Russia and cyber attacks as potential threats to the UK.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism he worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but he also likes to draw on his knowledge of geopolitics and international relations to understand the motives and consequences of state-sponsored cyber attacks.


He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. His masters dissertation, titled 'Arms sales as a foreign policy tool,' argues that the export of weapon systems has been an integral part of the diplomatic toolkit used by the US, Russia and China since 1945. Benedict has also written about NATO's role in the era of hybrid warfare, the influence of interest groups on US foreign policy, and how reputational insecurity can contribute to the misuse of intelligence.


Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.