Pierluigi Paganini December 12, 2023

Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that paralyzed its services. The attack is linked to the ongoing conflict.

Kyivstar, the largest Ukraine service provider was down after a major cyber attack. The Ukrainian telecommunications company provides communication services and data transmission based on a broad range of fixed and mobile technologies, including 4G (LTE) in Ukraine.

The Kyivstar mobile network serves about 26 million mobile customers and more than 1 million broadband fixed internet customers in the country.

This morning the company announced that it has suffered a cyber attack that temporarily blocked its services.

“This morning we became the target of a powerful cyber attack that caused a technical failure that led to temporarily unavailable services:
🔸 mobile connection;
🔸 Internet access.
💁 Of course, this is a challenge for us. But now to address the circumstances and consequences of illegal interference in network activities we:
✔️Representatives of law enforcement and state special services involved;
✔️ working to eliminate the consequences for the first restoration of communication.
The most important thing is that, from now on, subscribers’ personal data is not compromised. We sincerely apologize for the temporary inconvenience and thank you for your understanding.” ” reads the message published by Kyivstar on social media. “Our team will make sure to compensate members who did not have a connection or could not use our services.
Yes, our enemies are treacherous. But we are ready to face any difficulties, overcome them and continue to work for Ukrainians.”

All mobile communications and internet access were temporarily interrupted.

Kyivstar notified law enforcement and local authorities, including the SSU (Security Service of Ukraine). The SSU announced that it has opened criminal proceedings on the cyber attack under eight articles of the Criminal Code of Ukraine.

The service provider added that the personal data of its subscribers were not compromised.

Company CEO Oleksandr Komarov said the attack was “a result of” the ongoing conflict, it also explained that IT infrastructure had been “partially destroyed”.

“War is also happening in cyber-space. Unfortunately, we have been hit as a result of this war,” Komarov told a national television broadcast.

Komarov explained that two databases containing customer data had been damaged and were currently locked.

“Ukraine’s SBU intelligence agency told Reuters one of the possibilities it was investigating was that of a cyber-attack conducted by Russian security services.” reported Reuters. “Russia’s foreign ministry did not immediately respond to a request for comment.”

The attack is likely an act of war with the specific intent to hit and destroy a Ukrainian critical infrastructure. The attack isn’t finacially motivated and the attackers did not use any false flags to cover the nature of the attack.

A source close to Ukraine’s cyber defence told Reuters that Russia was suspected to be the source of the attack.

“It’s definitely a state actor,” said the source. “There’s no ransom. It’s all destruction. So it’s not a financially motivated attack.”

Due to the interruption of Kyivstar’s services, Ukrainians can reach relatives or contact emergency services at the nearest police or fire department, stated Ukraine’s Minister of Internal Affairs, Ihor Klymenko. Emergency numbers 101, 102, and 112 remain operational.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Kyivstar)