SBU identifies the Russian hackers who attacked Kyivstar

The Security Service of Ukraine has identified the hackers from Russia's Main Intelligence Directorate (GRU) who attacked the national mobile operator Kyivstar.

This was announced by the SBU's head of cyber security, Illya Vitiuk, in his interview with Ukrinform, reports the SBU press office.

SBU experts and investigators are now gathering a body of evidence pointing to the GRU hackers, and when the examinations are complete and the suspicion notices are issued, the investigation files will be submitted to the International Criminal Court in The Hague.

Illya Vitiuk stressed that cyber attacks on civilian infrastructure should be recognized as war crimes.

So far, the SBU has found that the Kyivstar breach was carried out by the hacker group SandWorm, which is a full-time unit of the Russian GRU.

According to Vitiuk, the SBU is currently carrying out a series of examinations on the systems affected by the hackers and the damage inflicted. The special service has also sent out requests for additional information from international partners.

Illya Vitiuk emphasized that all the investigation covers all the people in the chain of command who were involved in this attack.

"Not just the individual hacker, but at least the head of the military unit and the leadership of the special service, carrying out destructive operations should bear responsibility for what has been done," believes the head of cyber security.

At the same time, he stressed that there have only been three cases in the world when hackers were prosecuted of cyberattacks on infrastructure and one of these cases is the result of the SBU's work.

The Kyivstar attack

The mobile operator "Kyivstar" suffered a large-scale outage in the morning of December 12, 2023: customers had no Internet access and could not log into the "Kyivstar" app, the company's website was down.

On the same day, "Kyivstar" reported an intense cyber attack that caused the technical failure; the company's IT infrastructure was partially destroyed.

The Security Service of Ukraine opened a case regarding the cyber attack on "Kyivstar" and considered the Russian special services as a possible force behind the incident.

The Russian hacker group Solntsepek has claimed responsibility for the cyberattack on "Kyivstar". According to the SBU, it is a unit of the General Directorate of the Russian Armed Forces' General Staff.

The cyber attack on the national operator "Kyivstar" was a result of an employee's account being compromised.

On December 20, 2023, "Kyivstar" announced that all the basic services affected by the hack have been restored.

A month and a half after the large-scale hack, Kyivstar's Director of Information Security, Yuriy Prokopenko, who had worked at the company for almost eight years, left Kyivstar.