by Kateryna Mishchenko

In a recent and alarming incident, Kyivstar, one of Ukraine’s leading telecommunications providers, has fallen victim to a sophisticated cyberattack, highlighting the growing threat to critical infrastructure in the digital age. As of June 2023, Kyivstar stands as one of Ukraine’s major mobile operators, with an impressive base of over 24 million mobile communication users and more than one million subscribers for fixed internet services. The recent attack on the company resulted in a significant disruption, leaving half of Ukraine’s population without essential communication services. The cyber attack on Kyivstar was probably one of the largest subversive cyber attacks on Ukrainian networks since the beginning of the full-scale war.

“On December 12, the largest mobile operator in Ukraine, Kyivstar, was subjected to a cyber attack,” stated an British intelligence report. “The effect of the hackers’ prank lasted for at least two days, affecting the company’s mobile and data transmission services. In particular, the cyber attack left users of the mobile operator with a signal and the ability to use the Internet. At the same time, the company assures that no personal data was compromised during the attack,” the intelligence officers said on the social network X.

At 8:04 a.m. on December 12, the mobile operator Kyivstar issued a notification regarding a technical glitch and potential limitations on communication services and internet access for certain subscribers. The message assured that the company’s experts were actively addressing and resolving the issue. Following a few hours, it became evident that the magnitude of the issue was more significant. Besides the disruption to mobile communication and internet services, the My Kyivstar mobile application, home internet services and the operator’s website were also non-functional.

Approaching noon, the company acknowledged that a robust hacker attack was the root cause of the widespread outage. The statement reassured that, currently, there is no evidence of compromised personal data belonging to subscribers. Meanwhile, the operator’s experts are diligently addressing the aftermath of the hacker attack to swiftly restore communication and resume services. The company also promptly assured subscribers experiencing connectivity issues or service unavailability that compensation would be provided.

On December 13, a hacking group named Solntsepek from Russia claimed responsibility for the cyberattack on Kyivstar’s IT infrastructure. The cybercriminals explained their motives by alleging that the company facilitates communication for the Armed Forces of Ukraine (ZSU). Meanwhile, the Security Service of Ukraine (SBU) clarified that Solntsepek is a hacking unit of the main intelligence directorate of the Russian Armed Forces (better known as GRU). This revelation suggests that the group is publicly legitimizing the results of its criminal activities. The SBU has documented this cyberattack as another act of war crimes committed by Russians.

Mobile operators play a pivotal role in sustaining various sectors of the economy, as their internet services are essential for the smooth operation of the banking infrastructure. Major financial institutions experienced disruptions in the functioning of ATMs and payment terminals. Alongside the indirect impact on the banking system, there was a notable increase in hacker activities targeting the banking infrastructure throughout the day.

The disturbance in Kyivstar’s operations also had repercussions on the civil protection system. Specifically, this led to the temporary inoperability of the air warning system in Sumska oblast and several cities in Kyiv Oblast, including Bucha, Irpin. In Lviv, communication issues arising from the disruption in Kyivstar’s services prevented the automatic shutdown of streetlights. Consequently, city services had to resort to manually disconnecting street lighting lines. At the same time the disruption in the mobile networks of Ukrainian operators had no effect on the activities of military personnel, as a separate network is utilized on the front line.

By December 15, the company’s experts successfully restored mobile internet access across all territories under Ukrainian control. The service now operates across all communication standards, including 4G. As of December 17, mobile operator Kyivstar continues to restore services for its subscribers after the largest hacker attack in the history of the company. The company added on Facebook that they will soon enable the SMS service. Also Kyivstar has pledged compensation for subscribers affected by the extensive cyberattack on the mobile operator.

Ukraine has been the target of several significant cyberattacks in the past, with diverse objectives impacting various sectors. The war on the cyber front has been going on since at least 2015, when Ukraine experienced a significant cyberattack that resulted in over 200,000 clients of energy companies losing electricity. Over the years, Russian and other hacker groups carried out attacks on government websites, including the sites of the President, Government, and other State institutions. In 2017, a major cyberattack occurred using the Petya. A virus, significantly damaging computer systems in many Countries, including Ukraine. This virus was designed for rapid spread and causing harm. At that time, more than a hundred companies were affected.

Cover photo by DC Studio/