Russian Hackers Claim Responsibility for Cyberattack on Ukraine’s Largest Mobile Network

A cyberattack targeting Ukraine’s largest mobile network operator, Kyivstar, has been attributed to a hacking group believed to have ties to Russian military intelligence. The attack, which occurred on Tuesday, resulted in widespread service disruption and damage to IT infrastructure, as well as the silencing of air raid alert systems in certain areas of Ukraine. The group responsible for the attack, known as Solntsepyok, claimed responsibility on the Telegram messaging app and shared screenshots indicating their access to Kyivstar’s servers. Ukraine’s State Service of Special Communications and Information Protectorate (SSSCIP) stated that an expert group, in collaboration with the SBU intelligence agency, is investigating the incident. The SSSCIP linked the cyberattack to a Russian group associated with the General Staff of the Armed Forces of the Russian Federation, commonly known as the GRU. This incident further highlights the use of cyberspace as a battleground by Russia in its ongoing conflict with Ukraine. The SSSCIP had previously identified Solntsepyok as a front for a Russian hacking group called Sandworm, which has targeted Ukraine’s energy sector in the past. In response to inquiries from Reuters, a representative of Solntsepyok acknowledged carrying out the attack and referred to the internal documents posted on their Telegram channel. The representative did not elaborate on a connection to the GRU. The attack on Kyivstar is one of the most significant cyberattacks to date since Russia’s invasion of Ukraine in February 2022, indicating a level of sophistication often associated with state intelligence agencies. Solntsepyok claimed to have destroyed over 10,000 computers and 4,000 servers during the attack, including vital cloud storage and backup systems. The GRU has repeatedly denied involvement in cyberattacks of this nature, and attempts to contact them for comment were unsuccessful. The repercussions of this attack emphasize the urgent need for enhanced cybersecurity measures and global cooperation to combat this ongoing threat.