how it feels to pay your phone bill

Over nearly a decade, the hacker group within Russia's GRU military intelligence agency known as Sandworm has launched some of the most disruptive cyberattacks in history against Ukraine's power grids, financial system, media, and government agencies. Signs now point to that same usual suspect being responsible for sabotaging a major mobile provider for the country, cutting off communications for millions and even temporarily sabotaging the air raid warning system in the capital of Kyiv.

On Tuesday, a cyberattack hit Kyivstar, one of Ukraine's largest mobile and internet providers. The details of how that attack was carried out remain far from clear. But it “resulted in essential services of the company’s technology network being blocked,” according to a statement posted by Ukraine’s Computer Emergency Response Team, or CERT-UA.

Kyivstar's CEO, Oleksandr Komarov, told Ukrainian national television on Tuesday, according to Reuters, that the hacking incident “significantly damaged [Kyivstar's] infrastructure [and] limited access.”

“We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy's access,” he continued. “War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war.”

The Ukrainian government hasn't yet publicly attributed the cyberattack to any known hacker group—nor have any cybersecurity companies or researchers. But on Tuesday, a Ukrainian official within its SSSCIP computer security agency, which oversees CERT-UA, pointed out in a message to reporters that a group known as Solntsepek had claimed credit for the attack in a Telegram post, and noted that the group has been linked to the notorious Sandworm unit of Russia's GRU.

“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 computers, more than 4 thousand servers, all cloud storage and backup systems,” reads the message in Russian, addressed to Ukrainian president Volodymyr Zelenskyy and posted to the group's Telegram account. The message also includes screenshots that appear to show access to Kyivstar's network, though this could not be verified. “We attacked Kyivstar because the company provides communications to the Ukrainian Armed Forces, as well as government agencies and law enforcement agencies of Ukraine. The rest of the offices helping the Armed Forces of Ukraine, get ready!”

Solntsepek has previously been used as a front for the hacker group Sandworm, the Moscow-based Unit 74455 of Russia's GRU, says John Hultquist, the head of threat intelligence at Google-owned cybersecurity firm Mandiant and a longtime tracker of the group. He declined, however, to say which of Solntsepek’s network intrusions have been linked to Sandworm in the past, suggesting that some of those intrusions may not yet be public. “It's a group that has claimed credit for incidents we know were carried out by Sandworm,” Hultquist says, adding that Solntsepek's Telegram post bolsters his previous suspicions that Sandworm was responsible. "Given their consistent focus on this type of activity, it's hard to be surprised that another major disruption is linked to them.”

If Solntsepek is a front for Sandworm, it would be far from the first. Over its years of targeting Ukrainian infrastructure, the GRU unit has used a wide variety of covers, hiding behind false flags such as independent hacktivist groups and cybercriminal ransomware gangs. It even attempted to frame North Korea for its attack on the 2018 Winter Olympics.

Today, Kyivstar countered some of Solntsepek's claims in a post on X, writing that “we assure you that the rumors about the destruction of our ‘computers and servers’ are simply fake.” The company had also written on the platform that it hoped to restore its network's operations by Wednesday, adding that it's working with the Ukrainian government and law enforcement agencies to investigate the attack. Kyivstar's parent company, Veon, headquartered in Amsterdam, didn't respond to WIRED's request for more information.

While the fog of war continues to obscure the exact scale of the Kyivstar incident, it already appears to be one of the most disruptive cyberattacks to have hit Ukraine since Russia's full-scale invasion began in February 2022. In the year that followed, Russia launched more data-destroying wiper attacks on Ukrainian networks than have been seen anywhere else in the world in the history of computing, though most have had far smaller effects than the Kyivstar intrusion. Other major Russian cyberattacks to hit Ukraine over the past 20 months include a cyberattack that crippled thousands of Viasat satellite modems across the country and other parts of Europe, now believed to have been carried out by the GRU. Another incident of cybersabotage, which Mandiant attributes to Sandworm specifically, caused a blackout in a Ukrainian city just as it was being hit by missile strikes, potentially hampering defensive efforts.

It's not yet clear if the Kyivstar attack—if it was indeed carried out by a Russian state-sponsored hacker group—was merely intended to sow chaos and confusion among the company's customers, or if it had a more specific tactical intention, such as disguising intelligence-gathering within Kyivstar's network, hampering Ukrainian military communications, or silencing its alerts to civilians about air raids.

“Telecoms offer intelligence opportunities, but they're also very effective targets for disruption," says Mandiant's Hultquist. “You can cause significant disruption to people's lives. And you can even have military impacts.”

ウクライナで2400万人のユーザーを抱える通信会社Kyivstar(Київстар：キーウスター)が、現地時間2023年12月12日朝に大規模なサイバー攻撃を受けたことを明らかにしました。この攻撃による個人情報の流出はないものの、技術的な障害が発生して、モバイル通信とインターネットアクセスが一時的に利用不可能になったとのこと。影響範囲は数百万人に及ぶとみられています。 Ukraine's largest telecom operator shut down after cyberattack https://therecord.media/kyivstar-cyberattack-telecom-shutdown-ukraine

ウクライナ最大の通信会社Kyivstarが戦時最大規模のサイバー攻撃を受け数百万人に影響 - GIGAZINE

Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Ukrainian Telecom

Source: https://www.wired.com/story/ukraine-kyivstar-solntsepek-sandworm-gru/

More info: https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/

Oligarch-linked telecom group to accelerate Ukraine's Kyivstar to Nasdaq

Unlock the Editor’s Digest for free . A telecommunications conglomerate with ties to two sanctioned oligarchs plans to list its Ukrainian business in New York through a private equity firm, after losing its corporate rights in the group. authorities in Kyiv. Veon in Dubai, whose main shareholder is the company LetterOne Investment Holdings created by Mikhail Fridman and Petr Aven, on Monday…

VEON plant US-Börsengang für Kyivstar: Ein Meilenstein für die Ukraine

VEON plant US-Börsengang für Kyivstar: Ein Meilenstein für die Ukraine: https://www.it-boltwise.de/veon-plant-us-boersengang-fuer-kyivstar-ein-meilenstein-fuer-die-ukraine.html

VEON is moving forward with a proposed US listing for Ukraine's leading telco Kyivstar

By Gianluca Lo Nostro and Leo Marchandon (Reuters) – Telecoms group VEON is moving ahead with its plan to float its Kyivstar unit in the United States, in a move that would make it the first Ukrainian company to be listed in the United States. Dubai-based VEON has signed a letter of intent with Cohen Circle to combine their businesses, with the aim of listing Kyivstar indirectly on Nasdaq, where…

VEON is moving forward with a proposed US listing for Ukraine's leading telco Kyivstar

By Gianluca Lo Nostro and Leo Marchandon (Reuters) – Telecoms group VEON is moving ahead with its plan to float its Kyivstar unit in the United States, in a move that would make it the first Ukrainian company to be listed in the United States. Dubai-based VEON has signed a letter of intent with Cohen Circle to combine their businesses, with the aim of listing Kyivstar indirectly on Nasdaq, where…

VEON is moving forward with a proposed US listing for Ukraine's leading telco Kyivstar

By Gianluca Lo Nostro and Leo Marchandon (Reuters) – Telecoms group VEON is moving ahead with its plan to float its Kyivstar unit in the United States, in a move that would make it the first Ukrainian company to be listed in the United States. Dubai-based VEON has signed a letter of intent with Cohen Circle to combine their businesses, with the aim of listing Kyivstar indirectly on Nasdaq, where…

VEON moves ahead with planned US listing for Ukraine's top telco Kyivstar

Ukraine's main mobile network, Kyivstar, says it's been the target of a "powerful hacker attack".

Customers have been left without phone or internet access, while one city's air raid sirens stopped working. Kyivstar's chief executive implied Russia could be responsible.

Ukraine's security services are investigating. Moscow hasn't commented.

The Kyivstar network is estimated to have some 24 million mobile customers and a million home internet users.

Reports emerged on Tuesday morning that people and businesses had lost mobile and internet signal.

Air raid sirens in the north-eastern city of Sumy also malfunctioned as a result of the outage.

Military authorities in the area announced they would send out police and emergency vehicles to alert residents of any incoming missile or drone strikes.

Ukraine's largest bank, PrivatBank, said some cash machines were not working and might be "unstable" or "have no connection".

An investigation has been opened by the Security Service of Ukraine (SBU).

"One of the versions currently being investigated by SBU investigators is that the Russian special services may be behind this hacker attack," SBU said in a statement.

Kyivstar said earlier it had called in law enforcement agencies because of the "illegal interference".

The company's general director, Oleksandr Komarov, also appeared to suggest Russian actors could be to blame.

"The war with Russia has many dimensions and one of them is in cyberspace," he said.

"We are working to restore communication as soon as possible," he added and promised compensation for affected customers.

The operator said no-one's personal data had been compromised.

Russia launched a full-scale invasion of Ukraine in February 2022, with the war now well into its second year.

Dutch-domiciled parent company Veon said it would work with Kyivstar on "additional security measures" to prevent similar incidents in future.

Separately, Ukraine's military intelligence claimed to have carried out a cyber-attack on Russia's federal tax system in recent days.

"During the special operation, military intelligence of Ukraine managed to break into one of the well-protected key central servers of the federal tax service," read a statement on Telegram.

It said Russian efforts to restore services were now into their fourth day.

キエフ — ウクライナ最大の通信事業者キエフスターは火曜日、大規模なサイバー攻撃に見舞われ、数百万人が携帯電話サービスとインターネットを利用できなくなった。 Kyivstar の顧客は早朝からネットワークとインターネットの停止について苦情を言い始めました。 同社は後に 報告した フェイスブックを通じて、「強力な」サイバー攻撃を受け、「大規模な技術的障害」を引き起こしたと 。 顧客のデータは侵害されていないと声明は述べた。 ウクライナにおけるキエフスターのサービスは火曜日午後の時点でもまだダウンしている。 同社のオレクサンドル・コマロフ最高経営責任者（CEO）は ビデオ声明 で、いつ通常業務に戻るかは「まだ完全には明らかではない」と述べた。 ウクライナ国家サイバーセキュリティ局（SSSCIP）はレコード・フューチャー・ニュースに対し、ウクライナのコンピュータ緊急対応チーム（CERT-UA）を含む「関連サービス」がこの事件を調査していると語った。 キエフスターはコメントの要請に応じなかった。 親会社であるオランダに本拠を置くVEONは、 ニュースリリース の中で、この事件は「ハッカー攻撃」であることを認めた。 キエフスター内部の関係者は と語った 複数のウクライナメディアに対し、ハッカーが「通信事業者の内部システムの一部」に侵入し、同社が 取り組んでいる 「複製システムの起動」に 。 情報筋の１人によると、キエフスターのシステムを完全に停止する決定は、攻撃の影響を「局地化する」ために治安部隊と通信事業者によって下されたという。

ウクライナ最大の通信事業者がサイバー攻撃を受けて閉鎖

Starlink vai oferecer internet via satélite para celulares na Ucrânia

A Ucrânia será um dos primeiros países a testar o serviço de internet via satélite oferecido pela Starlink para celulares. A empresa de Elon Musk fechou um acordo com a Kyivstar, uma das principais companhias de telecomunicação ucranianas. A parceria permitirá que a população do país tenha acesso à conexão móvel de forma ininterrupta. Não será necessária a instalação de nenhum hardware ou…

Kyivstar secures approval to acquire Uklon in multimillion-dollar deal

The Ukrainian Anti-Monopoly Committee (AMCU) approved Kyivstar’s acquisition of taxi service Uklon on Feb. 6, Kyivstar CEO Oleksandr Komarov announced at an American Chamber of Commerce in Ukraine event.

AMCU head Pavlo Kyrylenko said Kyivstar will also acquire Tech Uklon LLC, Uklon Corporate, and Uklon Ukraine.

“The committee concluded that Kyivstar’s actions will not lead to structural changes in any of the three affected markets: online advertising, passenger transportation, and goods delivery,” Kyrylenko said.

Forbes Ukraine reported on Jan. 27 that Kyivstar had filed an application with Ukraine’s antitrust regulator to purchase Uklon, estimating the deal’s value at $40–80 million.

Uklon generated Hr 1.2 billion ($28 million) in revenue during the first three quarters of 2023, doubling its earnings from the same period the previous year. However, the company has struggled to expand internationally, facing tough competition from Uber and Bolt.

Veon, Kyivstar’s parent company, brings capital, expertise, and access to other markets, one market insider told Forbes.

In January, Veon announced plans to list Kyivstar on Nasdaq, with Komarov suggesting this could happen in the third quarter of 2025. Since the start of Russia’s full-scale invasion, Kyivstar has invested Hr 32 billion ($772 million) into the company.

At the end of 2024, Kyivstar also signed an agreement to make Ukraine one of the first countries with access to Starlink’s direct-to-cell service.

Ukraine Business Roundup — Record wartime private sector investment

The following is the Jan. 29, 2025 edition of our Ukraine Business Roundup weekly newsletter. To get the biggest news in business and tech from Ukraine directly in your inbox, subscribe here. Ukraine’s largest private energy company, DTEK, announced plans on Jan. 22 to invest 450 million euros ($4…

The Kyiv IndependentLiliane Bivings

"Game-Changer": Musk's Starlink To Roll Out Direct-To-Cell Across Ukraine

Zero Hedge by Tyler DurdenMonday, Dec 30, 2024 – 11:05 AM Ukraine’s largest mobile operator, Kyivstar, has signed an agreement with Elon Musk’s Starlink to provide direct-to-cell satellite connectivity across the war-torn country. The new deal brings mobile coverage to areas where traditional ground-based cellular networks are non-existent due to Russia’s relentless targeting of critical…