Major cyberattack on Ukrainian mobile operator disrupts banking services and air raid sirens
By Sean Lyngaas, CNN
(CNN) — A major cyberattack on Ukraine’s largest mobile operator on Tuesday disrupted a regional air raid warning service and some banking services for Ukrainians, according to the operator and local authorities.
The attack appeared to be one of the more impactful cyberattacks on Ukrainian critical infrastructure since Russia’s full-scale invasion nearly two years ago. It damaged IT infrastructure at mobile operator Kyivstar, forcing the company to shut down network connections to contain the incident, CEO Oleksandr Komarov said on Ukrainian television.
Kyivstar had 24.8 million customers at the end of 2022, according to Ukrainian state information agency Ukrinform.
In the northern Sumy region of Ukraine, air raid services experienced outages, according to the local military administration. “Due to a malfunction of the Kyivstar operator, the air alert system will temporarily be out of service in the territory of Sumy city territorial community,” the Sumy city military administration said in a Telegram post. “While the mobile operator’s specialists are troubleshooting technical issues, the community will be notified during the air raid by patrol police and the State Emergency Service,” the statement said.
Ukraine’s Security Service (SBU) said it had opened a criminal probe into the incident and that one line of inquiry is whether “Russian special services may be behind the hacker attack.”
SBU teams arrived at the company headquarters to begin the investigation and “to document all the circumstances of the attack,” the intelligence service said.
The Russian embassy in Washington, DC, did not immediately respond to a request for comment.
The Kyivstar disruption came as Ukraine’s military took the remarkable step of publicly claiming credit in a press release Tuesday for a cyberattack on Russia’s federal tax service. CNN could not independently confirm that such a cyberattack took place. CNN has requested comment from the Russian tax service.
Russian state-backed hackers have launched an array of cyberattacks against Ukrainian critical infrastructure alongside airstrikes and other physical attacks to try to degrade Ukrainian defenses, according to Ukrainian officials, US officials and private experts.
The impact of cyberattacks is difficult to assess because of the fog of war, but Ukraine’s cyber defenses have largely proved resilient, according to independent experts.
As Russian troops invaded Ukraine in February 2022, hackers knocked out service for Viasat, a satellite service provider used by the Ukrainian military in the country. The Biden administration blamed Russia for the hack. Moscow routinely denies involvement in cyberattacks.
“So far, [the Kyivstar incident] seems to be the most effective attack on [critical infrastructure] in Ukraine” since Russia’s full-scale, said Victor Zhora, a former top Ukrainian cyber official, on social media platform X.
Asked to elaborate, Zhora told CNN that “even the Viasat attack didn’t have such an impact.” Zhora was sacked last month from Ukraine’s State Service of Special Communications and Information Protection amid a probe into alleged embezzlement at the agency. He denies wrongdoing.
The hack of Kyivstar “is one of the most impactful since the full-scale war began and, hopefully, investigation will reveal how it happened,” Oleh Derevianko, co-founder of Ukrainian cybersecurity firm ISSP, told CNN. A cyberattack of this magnitude “requires lots of time and effort to prepare and execute,” Derevianko added.
Multiple Ukrainians contacted by CNN on Tuesday said their mobile phone service was disrupted by the incident, or that they knew a friend or relative who had had service disrupted.
Taras Vasyliv, who works at Ukraine’s power grid operator, told CNN that he has had to use WiFi to communicate on his phone and that he’s planning to buy a SIM card from another mobile operator so he can get cell service. The hacking incident has not impacted grid operations, he said.
Ukrainian telecom firms have been a target of Russian hacking groups for years, including a notorious group linked with Russia’s military intelligence agency, said John Hultquist, chief analyst at the Google-owned cybersecurity firm Mandiant.
The telecommunication sector “is often targeted by cyber espionage actors seeking to quietly gather intelligence but attacks can have serious military consequences as well as psychological impacts on the populace,” Hultquist said.
This story has been updated with additional details.
CNN’s Victoria Butenko, Svitlana Vlasova and Benjamin Brown contributed reporting.
The-CNN-Wire
™ & © 2023 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.