A hacking group allegedly associated with Russian military intelligence has claimed responsibility for a cyberattack targeting Ukraine’s largest mobile network operator, Kyivstar. The attack, which occurred on Tuesday, disrupted services for the telecom giant, impacting 24.3 million mobile subscribers and over 1.1 million home internet users. The incident damaged IT infrastructure and even silenced air raid alert systems in certain regions of Ukraine.
The hacktivist group, identified as Solntsepyok, asserted its involvement in the cyber assault via a post on the Telegram messaging app. Screenshots shared by the group suggested unauthorized access to Kyivstar’s servers. However, Russia has consistently denied any involvement in such cyberattacks.
In response to the incident, Ukraine’s State Service of Special Communications and Information Protectorate (SSSCIP) released a statement, indicating collaboration with the SBU domestic intelligence agency for a thorough investigation. The SSSCIP attributed the cyberattack to a Russian group associated with the General Staff of the Armed Forces of the Russian Federation, commonly known as the GRU military intelligence agency.
The SSSCIP had earlier linked Solntsepyok to a Russian hacking group named “Sandworm,” which has historical ties to the GRU. While efforts to reach the GRU for comment were unsuccessful, the SBU declared it had initiated a treason case in response to the cyberattack.
Solntsepyok, in its Telegram post, expressed gratitude to unspecified “concerned colleagues” at Kyivstar and justified the attack by stating, “We attacked Kyivstar because the company provides communications to the Ukrainian Armed Forces, as well as state bodies and Ukraine’s security forces.”
The cybersecurity community has long identified Sandworm as a formidable hacking group responsible for previous cyber assaults on Ukraine’s energy sector. John Hultquist, head of threat analysis at Google’s Mandiant Intelligence, emphasized Sandworm’s prominence, calling it “Moscow’s weapon of choice for cyberattacks.”
Tuesday’s cyberattack marks one of the most significant incidents since Russia’s full-scale invasion of Ukraine in February 2022. Such attacks causing widespread and tangible damage are uncommon, usually executed with techniques associated with state intelligence agencies. Solntsepyok claimed to have destroyed over 10,000 computers and 4,000 servers, including cloud storage and backup systems, though Kyivstar dismissed these claims as “fake.”
As Kyivstar works to restore services, the international community remains on high alert, observing the escalating cyber warfare between Ukraine and Russia.
+ There are no comments
Add yours