On the morning of 12 December, the largest Ukrainian telecommunications operator Kyivstar and one of the country’s leading banks Monobank came under a hacker attack.
Kyivstar is Ukraine’s largest mobile operator and one of the country’s biggest broadband Internet providers, with over 24 million mobile customers.
Before the hacker attack was officially confirmed, the company’s clients complained about network and internet outages from the early morning of 12 December. The hacker attack caused a technical failure, which made mobile communications and Internet access unavailable. The company assures that subscribers’ data has not been compromised.
Kyivstar CEO Oleksandr Komarov said it was unclear when connectivity would be fully restored, as the company’s IT infrastructure had been partially destroyed by the hacker attack. He said that the aim of the attackers was to cause maximum damage to it.
However, he added that the company has not detected any signs of user data leakage so far.
The data leakage possibility is important because, since 2017, Kyivstar has been cooperating with the Ministry of Economy, providing the government with statistical information. Before Russia’s invasion, this included calculating the movements of tourists in Ukraine and abroad.
With the start of the Russian aggression, the data from telecom operators could tell a lot about people’s movements. And they were actively used in research on IDPs and refugees. Mobile operators keep careful records of customers abroad, where, according to Kyivstar, there are about 2.5 million subscribers, and according to Vodafone, 2 million.
Apart from Kyivstar, Monobank, a Ukrainian virtual bank that serves over 7 million customers, also suffered from the massive DDoS attack on 12 December, the company’s co-founder and CEO Oleh Horokhovskyy said.
The cause of the massive technical failure was a hacking attack on the network core. The CEO of Monobank, Oleh Horokhovskyy, said that the object of the attack was entry points on Amazon (Banks, website).
Monobank repelled the attack about 40 minutes after it reportedly started.
Other issues caused by the hacker attack on Kyivstar
Some Ukrainian banking companies such as Oschadbank and Privat24 also reported problems due to Kyivstar’s connection failures, Suspilne reported.
Some of Oschadbank’s ATMs, POS terminals, and information payment terminals (IPTs) became inoperable, the bank’s press service said. Full restoration of their operation will occur once the failure of Kyivstar’s services is fixed.
PrivatBank also warned about the unstable operation of terminals due to the Kyivstar outage. Oleg Serha, PrivatBank spokesman, said that due to difficulties from the hacker attacks on Kyivstar, some POS terminals, ATMs, and self-service terminals may work unstably or have no connection. This means that stores, nationwide delivery services, and other businesses can also be affected.
Due to the huge hacker attack on the largest Ukrainian telecommunications operator, Ukrainians observed new problems with street lighting in many oblasts of Ukraine, RBK Ukraine reported. Streetlights must now be switched on manually in Lviv. The city administration has already described the situation as “unusual.”
Similar problems are observed in Sumy and Zaporizhzhia oblasts. Chernivtsi warned about possible difficulties with paying for public transport using validators, RBK reported. Fares in the Kyiv subway will be paid as usual.
Kyivstar’s outages should not affect the air raid warning system as the air raid warning system does not depend on Kyivstar.
“Even in the event of a power outage, the modernized part of the warning system will work autonomously,” Kyiv City Administration added.
However, there were problems with the functioning of warning systems in some settlements, Kyiv Oblast Military Administration reported. Currently, the local services are working to “ensure that residents receive timely warnings of danger.”
“In the places where the old part of the system is installed, in the event of a power outage, the siren will be announced by the patrol police through loudspeakers,” Kyiv City Administration added.
Ukraine’s Interior Minister Ihor Klymenko said that due to problems with Kyivstar, Ukrainians can contact relatives or call emergency services at the nearest police station or fire station. The emergency numbers 101, 102, and 112 are working as usual.
Since the beginning of the full-scale war, mobile operators launched a system of free domestic roaming. If one operator is unavailable, users can switch to another operator’s network.
The mobile operator Vodafone Ukraine said they received many calls from Kyivstar subscribers to call centers regarding the national roaming service.
“On our side, the service is working properly. At least we see Lifecell subscribers registered in our network with the help of the national roaming service,” the company said.
Who is behind the largest cyberattacks on Ukraine’s critical infrastructure since the full-scale invasion?
Monobank did not assign responsibility for the cyberattack, but speculation immediately began that Russia was behind it. In July 2023, Monobank had a technical failure, Ukrainska Pravda reported. A month ago, Monobank invited all interested developers to find vulnerabilities in Monobank and receive a reward for it, BBC Ukraine reported.
Kyivstar didn’t specify the exact source of the hacker attack. The CEO of Kyivstar, Oleksandr Komarov, said “It is a very powerful hacker attack, which partially destroyed IT infrastructure.” The goal of the hackers was specifically to damage infrastructure and Komarov said that “they partially achieved this goal.”
“The Russian war against Ukraine has many dimensions, and one of them is cyberspace,” Kubrakov added.
According to Kubrakov, Ukraine’s law enforcement agencies and special state services will investigate the circumstances and consequences of the illegal actions involving interference in the network.
After the massive attack, Ukraine’s Security Service opened a criminal investigation into a cyberattack on the Kyivstar mobile operator, Suspilne reported, citing the SBU press service. According to SBU’s version, Russian special services may be behind the attack.
In October 2023, Bloomberg reported, citing Ukraine’s officials, that Russia has significantly escalated cyberattacks on Ukraine’s critical infrastructure and government agencies since invading the country in February 2022.
Russian cyberattacks are growing more sophisticated and have become daily occurrences aimed at disrupting vital infrastructure during wartime, said Anton Demokhin, Deputy Minister of Foreign Affairs of Ukraine for Digital Development.
“Russian hackers continue to target government bodies, security agencies, and businesses, including financial institutions, to disrupt services and steal data,” he said.
According to Ukrainian government data seen by Bloomberg, the country recorded nearly 4,000 cyber incidents from January 2022 to September 2023, most attributed to Russia.