A cyberattack that knocked Ukraine’s biggest mobile network operator offline has been claimed by a hacking group believed to be affiliated with Russian military intelligence, Ukraine's cyber defence agency said on Wednesday.
The logo of Kyivstar, one of Ukraine's largest telecoms company Reuters/Gleb Garanich//File Photo
A cyberattack that knocked Ukraine’s biggest mobile network operator offline has been claimed by a hacking group believed to be affiliated with Russian military intelligence, Ukraine's cyber defence agency said on Wednesday.
Tuesday’s attack on Kyivstar, which has 24.3 million mobile subscribers and more than 1.1 million home internet users, knocked out services, damaged IT infrastructure, and silenced air raid alert systems in some parts of Ukraine.
A group of activist hackers, or "hacktivists", called Solntsepyok said in a post on the Telegram messaging app that it carried out the cyberattack, and published screenshots appearing to show that the hackers had accessed Kyivstar’s servers.
Ukraine's State Service of Special Communications and Information Protectorate (SSSCIP) said in a statement that an expert group was looking into the incident with the SBU intelligence agency.
"Responsibility for the cyberattack was taken by one of the Russian groups, whose activities are associated with the main directorate of the General Staff of the Armed Forces of the Russian Federation," it said, referring to Russia's GRU military intelligence agency.
"This once again confirms Russia's use of cyberspace as one of the domains of the war against Ukraine," it said, without naming the group that has claimed responsibility.
Earlier this year, the SSSCIP identified Solntsepyok as a front for a Russian hacking group dubbed "Sandworm" which has been previously linked to the GRU.
Sandworm has been tracked by cybersecurity researchers as one of Russia’s most powerful hacking groups, responsible for cyberattacks against Ukraine’s energy sector.
In response to a request for comment from Reuters, a representative of the group confirmed they had carried out the attack and referred to the internal Kyivstar documents posted to the groups’ Telegram channel.
The representative did not respond to further requests for comment, including whether the group was connected to the GRU.
It was not immediately possible to contact the GRU for comment. Moscow has repeatedly denied carrying out such cyberattacks.
Tuesday’s digital blitz was one of the biggest cyberattacks since Russia’s full-scale invasion of the country in February 2022. Such attacks which cause widespread and tangible damage are rare and require techniques so sophisticated that they are usually the domain of state intelligence agencies.
In its Telegram post, Solntsepyok said it destroyed more than 10,000 computers and 4,000 servers in the attack against Kyivstar, including its cloud storage and backup systems.
By James Pearson and Alexander Marrow
Democratic Republic of Congo and Rwanda are heading for a diplomatic battle over the leadership of the International Organisation of La Francophonie (OIF), with both fielding rival candidates as fighting grinds on in eastern Congo.
A U.S. delegation led by CIA director John Ratcliffe met with his counterpart at Cuba's Interior Ministry in Havana on Thursday, the Cuban government said in a statement, as tensions worsen over a U.S. fuel blockade that has starved the island of fuel and power generation.
China's Xi Jinping told President Donald Trump that trade talks were making progress at the start of a two-day summit on Thursday but warned that disagreement over Taiwan could send relations down a dangerous path and even lead to conflict.
To make this website run properly and to improve your experience, we use cookies. For more detailed information, please check our Cookie Policy.
Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.