A cyberattack that knocked Ukraine’s biggest mobile network operator offline has been claimed by a hacking group believed to be affiliated with Russian military intelligence, Ukraine's cyber defence agency said on Wednesday.
Tuesday’s attack on Kyivstar, which has 24.3 million mobile subscribers and more than 1.1 million home internet users, knocked out services, damaged IT infrastructure, and silenced air raid alert systems in some parts of Ukraine.
A group of activist hackers, or "hacktivists", called Solntsepyok said in a post on the Telegram messaging app that it carried out the cyberattack, and published screenshots appearing to show that the hackers had accessed Kyivstar’s servers.
Ukraine's State Service of Special Communications and Information Protectorate (SSSCIP) said in a statement that an expert group was looking into the incident with the SBU intelligence agency.
"Responsibility for the cyberattack was taken by one of the Russian groups, whose activities are associated with the main directorate of the General Staff of the Armed Forces of the Russian Federation," it said, referring to Russia's GRU military intelligence agency.
"This once again confirms Russia's use of cyberspace as one of the domains of the war against Ukraine," it said, without naming the group that has claimed responsibility.
Earlier this year, the SSSCIP identified Solntsepyok as a front for a Russian hacking group dubbed "Sandworm" which has been previously linked to the GRU.
Sandworm has been tracked by cybersecurity researchers as one of Russia’s most powerful hacking groups, responsible for cyberattacks against Ukraine’s energy sector.
In response to a request for comment from Reuters, a representative of the group confirmed they had carried out the attack and referred to the internal Kyivstar documents posted to the groups’ Telegram channel.
The representative did not respond to further requests for comment, including whether the group was connected to the GRU.
It was not immediately possible to contact the GRU for comment. Moscow has repeatedly denied carrying out such cyberattacks.
Tuesday’s digital blitz was one of the biggest cyberattacks since Russia’s full-scale invasion of the country in February 2022. Such attacks which cause widespread and tangible damage are rare and require techniques so sophisticated that they are usually the domain of state intelligence agencies.
In its Telegram post, Solntsepyok said it destroyed more than 10,000 computers and 4,000 servers in the attack against Kyivstar, including its cloud storage and backup systems.
By James Pearson and Alexander Marrow