Millions of Ukrainians forced offline: who’s behind one of the biggest ever cyberattacks

The IT systems of Ukraine's largest telecommunications operator have been partially destroyed

Ukraine’s primary mobile network provider, Kyivstar, has been brought down by what is described as one of the biggest cyberattacks ever, leaving millions of customers without mobile phones and home internet service on Tuesday.

1. What happened?
   Ukraine's largest telecommunications provider suffered a major hacker attack on Tuesday, knocking out mobile phone service to millions of people. Mobile communications and access to the internet were down throughout the day. The attack on Kyivstar, which has 24.3 million mobile customers and over 1 million home internet subscribers, has led to a ripple effect that has caused outages of IT infrastructure and disrupted services at banks and some state institutions.
   
2. Who was affected?
   The cyberattack caused a widely felt technical failure and disrupted the operations of many of Ukraine’s major financial institutions. The largest state-owned bank, PrivatBank, was affected by the hack as the work of some of its offices, ATMs, and point-of-sale (POS) terminals used by businesses to process card payments was disrupted because they rely on Kyivstar SIM cards. Some cash machines of other big banks, including Oshadbank and Monobank, were not working either. Air raid alert systems in the city of Sumy also reportedly malfunctioned due to the outage.
   
3. Why is it significant?
   The incident has heavily impacted Kiev and far beyond, including major cities and regions, affecting mobile and fixed-line services with a knock-on impact on sectors, including airstrike alert systems and banking. The Security Service of Ukraine (SBU) said on Wednesday that the attack on Kyivstar has inflicted critical damage to its digital infrastructure, with IT systems being partially destroyed. Restoring operations will take time, the service said.
   The Ukrainian military relies heavily on smartphones and mobile data to communicate and coordinate operations, especially on encrypted messaging applications. While the country has other cell phone providers and the military uses Starlink satellite connection extensively, the Kyivstar outage could affect Ukrainian troops’ ability to coordinate in some places.
   
4. What’s the significance of the timing of the incident?
   The massive hack occurred as Ukrainian President Vladimir Zelensky met with US President Joe Biden and lawmakers in Washington, DC on Tuesday, pleading for more funding for Kiev. During the meeting, the US leader announced another military aid package of $200 million for Ukraine, which includes air defense interceptors, artillery, and ammunition. However, the sum is relatively insignificant compared to the $111 billion in military and economic assistance Washington has provided to Kiev since February 2022.
   The meeting occurred after a bill intended to provide $60 billion in aid for Kiev was blocked in the US Senate last week. Republicans demanded tougher immigration control on the southern US border in exchange for approving Ukraine assistance.
   
5. Who is behind the attack?
   Ukraine’s SBU intelligence agency has alleged that Russian security services could be to blame. The agency opened criminal proceedings over the cyberattack under eight charges, including unauthorized interference in the work of information systems, high treason, and sabotage.
   Meanwhile, Russian hacktivist group Killnet claimed responsibility for the attack in a post on its Telegram channel but did not provide evidence. Following the breach, Russian hackers said they launched the attack to test the capabilities of a new partnership with another group called Deanon Club.
   The cyberattack comes as experts are deliberating on possible reasons for the incident, which could be part of Moscow’s effort to force Kiev to negotiate a peace deal to end the ongoing Ukraine conflict. It is assumed that local officials will prepare to ensure other critical infrastructure is insulated from cyberattacks during the winter months.
   
6. Any other suspects?
   The Kyivstar attack looked quite similar to last year’ cyberattack against the Russian YouTube analog called RuTube, some IT experts concluded after analyzing details of the incident. Experts suggested that the attack on the Ukrainian mobile provider could have been self-inflicted, adding that Kiev had previously simulated the collapse of critical infrastructure. Analysts assumed that Kyivstar was hacked “from the inside” precisely during Zelensky’s visit to Washington in order to stir media attention.
   
7. How did Kiev retaliate?
   In a separate statement, Ukraine’s military intelligence claimed to have carried out a cyberattack on Russia’s Federal Taxation Service (FNS) in recent days. The SBU announced on its Telegram channel that Ukrainian military intelligence managed to break into one of the well-protected central servers of the federal tax service.
   Commenting on the announcement, the FNS has denied its services were hacked, adding that it was working as usual while users’ personal data was safe.

For more stories on economy & finance visit RT's business section