Russian hackers inside Ukraine’s biggest telecoms company since at least May – Kyiv spy chief
Russian hackers were inside Ukrainian telecoms company Kyivstar’s system from at least May last year in a cyber-attack that should serve as a “big warning” to the west, Ukraine’s cyber spy chief told Reuters.
The hack, one of the most dramatic since Russia’s full-scale invasion nearly two years ago, knocked out services provided by Ukraine’s biggest telecoms operator for about 24 million users for days from 12 December.
In an interview, Illia Vitiuk, head of the Security Service of Ukraine’s (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused “disastrous” destruction and aimed to land a psychological blow and gather intelligence.
He said:
This attack is a big message, a big warning, not only to Ukraine, but for the whole western world to understand that no one is actually untouchable.
He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity.
The attack wiped “almost everything”, including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyber-attack that “completely destroyed the core of a telecoms operator.”
For now, we can say securely, that they were in the system at least since May 2023.
I cannot say right now, since what time they had … full access: probably at least since November.
The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said.
A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: “No facts of leakage of personal and subscriber data have been revealed.”
Vitiuk said it had no big impact on Ukraine’s military:
After the major break there were a number of new attempts aimed at dealing more damage to the operator.
Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn’t affect us strongly.
Key events
Russian foreign minister Sergei Lavrov has said Zelenskiy’s “regime” will not make peace.
In a tweet from the Russian embassy in the UK, he is quoted saying:
We have to state that the regime of Zelenskiy is not inclined to make peace.
Its representatives think in terms of war and resort to highly aggressive rhetoric.
There is no talk of ending hostilities.
Russia planning to buy short-range ballistic missiles from Iran, report says
Russia is planning to buy short-range ballistic missiles from Iran, a step that would enhance Moscow’s ability to target Ukraine’s infrastructure, the Wall Street Journal reported on Thursday, citing US officials.
Last year, the White House said it was seeing more indications that Russia and Iran were expanding an unprecedented defence partnership that would help Moscow prolong its war in Ukraine as well as pose a threat to Iran’s neighbours, Reuters reports.
Death toll after Kyiv missile strike last week raised to 32
A missile strike last week killed 32 people in Kyiv, authorities said Thursday, raising the toll of the deadliest attack on the Ukrainian capital since the war began.
The strike took place on 29 December. Russia has in recent days intensified aerial attacks against Ukraine, which says it has enough munition to withstand a few powerful assaults but would soon need more aid, AFP reports.
Serhiy Popko, the head of the Kyiv military administration, said:
The total number of dead as a result of the enemy missile attack on 29 December is 32 people.
Thirty people were wounded, he added. All the 32 killed were in a warehouse, Ukrainian authorities said. Russia says it only targets military infrastructure.
The Kyiv mayor, Vitali Klitschko, had said on Saturday that the 29 December strike was “the largest in terms of civilian casualties.”
Russia had on that day launched 158 missiles and drones over Ukraine, the air force said, in an attempt to overwhelm air defences. The attack killed at least 55 people and wounded 170.
Ukraine has retaliated and the Russian border region of Belgorod faced a wave of attacks over the weekend, with 25 people killed – an unprecedented toll since the beginning of the offensive almost two years ago.
The Nato chief, Jens Stoltenberg, will convene a meeting between Nato diplomats and officials from Ukraine on 10 January, after a recent wave of heavy Russian airstrikes on the country, the transatlantic defence alliance said on Thursday.
The meeting, taking the format of the newly established Nato-Ukraine Council, was being convened at Kyiv’s request after missile and drone attacks on Ukrainian civilians, cities and towns, a Nato spokesperson said.
Russia has intensified attacks over the New Year period, with the Russian president, Vladimir Putin, warning that a Ukrainian airstrike on the Russian city of Belgorod, which Moscow said killed 25 civilians, would “not go unpunished”, according to Reuters.
Polish farmers blockaded the Medyka border crossing with Ukraine on Thursday, private broadcaster Polsat News reported, resuming a protest intended to secure government subsidies for corn and prevent tax increases.
The farmers, who are demanding a written agreement with the government, had suspended their protest at the crossing in southeastern Poland on 24 December after a meeting with the agriculture minister, Czesław Siekierski,Reuters reports.
The protest leader Roman Kondrow was quoted by Polsat News as saying the farmers were happy with talks they had with the minister and the local governor, but that they wanted a formal agreement.
On Wednesday Kondrow said that although Siekierski had provided a note telling the farmers their demands would be met, the prime minister had not given a signed declaration.
“We want to sign a bilateral agreement,” Kondrow told a press conference on Thursday. “If such a thing is created, the protest will be suspended until the demands are implemented.”
Polish truck drivers have been blocking several border crossings with Ukraine since 6 November. They want the EU to reinstate a reciprocal system that requires Ukrainian companies to obtain permits to operate in the bloc.
The Polish prime minister, Donald Tusk, said in December that he believed Warsaw was close to being able to end the truckers’ protest.
Here are some of the latest images from the news wires.
Investigating the cyber-attack on the Ukrainian telecoms company Kyivstar’ is harder because of the wiping of the company’s infrastructure.
Illia Vitiuk, the head of the Security Service of Ukraine’s (SBU) cybersecurity department, said he was “pretty sure” it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyber-attacks in Ukraine and elsewhere, Reuters reports.
A year ago, Sandworm penetrated a Ukrainian telecoms operator, but was detected by Kyiv because the SBU had itself been inside Russian systems, Vitiuk said, declining to identify the company. The earlier hack has not been previously reported.
Russia’s defence ministry did not respond to a written request for comment on Vitiuk’s remarks.
A group called Solntsepyok, believed by the SBU to be affiliated with Sandworm, said it was responsible for the attack.
Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of Trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else.
If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal hashes of passwords, he said.
Kyivstar’s CEO, Oleksandr Komarov, said on 20 December that all the company’s services had been fully restored throughout the country. Vitiuk praised the SBU’s incident response effort to safely restore the systems.
Why the hackers chose 12 December was unclear, he said, adding: “Maybe some colonel wanted to become a general.”
Russian hackers inside Ukraine’s biggest telecoms company since at least May – Kyiv spy chief
Russian hackers were inside Ukrainian telecoms company Kyivstar’s system from at least May last year in a cyber-attack that should serve as a “big warning” to the west, Ukraine’s cyber spy chief told Reuters.
The hack, one of the most dramatic since Russia’s full-scale invasion nearly two years ago, knocked out services provided by Ukraine’s biggest telecoms operator for about 24 million users for days from 12 December.
In an interview, Illia Vitiuk, head of the Security Service of Ukraine’s (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused “disastrous” destruction and aimed to land a psychological blow and gather intelligence.
He said:
This attack is a big message, a big warning, not only to Ukraine, but for the whole western world to understand that no one is actually untouchable.
He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity.
The attack wiped “almost everything”, including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyber-attack that “completely destroyed the core of a telecoms operator.”
For now, we can say securely, that they were in the system at least since May 2023.
I cannot say right now, since what time they had … full access: probably at least since November.
The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said.
A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: “No facts of leakage of personal and subscriber data have been revealed.”
Vitiuk said it had no big impact on Ukraine’s military:
After the major break there were a number of new attempts aimed at dealing more damage to the operator.
Speaking about drone detection, speaking about missile detection, luckily, no, this situation didn’t affect us strongly.
Opening summary
Hello, you join us as we resume the Guardian’s live coverage of the Russian war in Ukraine, which has entered its 680th day. Here are the main points:
-
Nuclear inspectors have been denied access to the main halls of reactors one, two and six at the Russian-occupied Zaporizhzhia power station in Ukraine. Rafael Grossi, director general of the UN’s International Atomic Energy Agency, said inspectors at the plant had for two weeks had no access and were yet to receive 2024 maintenance plans for the plant.
-
Russia and Ukraine have exchanged hundreds of prisoners of war in the biggest single release of captives since Russia’s full-scale invasion in February 2022. Ukrainian authorities said 230 Ukrainian prisoners of war returned home in the first exchange in almost five months. Russia’s defence ministry said 248 Russian servicemen were freed under the deal sponsored by the United Arab Emirates.
-
Oleksandr Kubrakov, Ukraine’s deputy prime minister for restoration, said a family returning from abroad had become the first to conclude a property purchase agreement under a compensation scheme for destroyed housing. “We want those Ukrainians who need it to feel confident applying for governmental support toward repairing houses or buying new property. Especially if this will let them come back to Ukraine from abroad as did this first family.” The house was in Bucha, Kubrakov said.
-
The Polish foreign minister has called on allies to deliver long-range missiles to Ukraine to help Kyiv target Russian “launch sites and command centres”.
-
The Nato support and procurement agency said it would support a group of countries with a contract for up to 1,000 Patriot guidance enhanced missiles.
-
Polish farmers would resume their blockade at a border crossing with Ukraine, Reuters reported. “I will try to convince carriers not to use blockades as a method of defending their interests. We will do everything to effectively protect their interests,” said the Polish prime minister, Donald Tusk.
-
Norway will send two F-16 fighter jets to Denmark to contribute to the training of Ukrainian pilots, the Norwegian defence minister has said.
-
Reports that the US wanted Ukraine to alter its strategy of seeking total victory in its war against Russia were not true, state department spokesperson Matthew Miller said.
