Ukraine's largest mobile operator experienced a significant cyberattack on Tuesday, leading to disruptions in a regional air raid warning service and various banking services for Ukrainians. According to the operator and local authorities, this attack is one of the most impactful cyberattacks on Ukrainian critical infrastructure since Russia's full-scale invasion nearly two years ago. The IT infrastructure at the mobile operator Kyivstar was damaged, resulting in the company having to shut down network connections to contain the incident, as reported by CEO Oleksandr Komarov on Ukrainian television.
Kyivstar's customer base at the end of 2022 was reported to be 24.8 million by the Ukrainian state information agency Ukrinform.
In Ukraine's Sumy region, the local military administration reported that air raid services experienced outages. A malfunction of the Kyivstar operator was cited as the cause, temporarily disabling the air alert system in the Sumy city territorial community. As mobile operator specialists work to resolve the technical issues, the community will be notified during air raids by patrol police and the State Emergency Service, according to a statement by the Sumy city military administration on Telegram.
Ukraine's Security Service (SBU) has initiated a criminal investigation into the incident, including the possibility of involvement by Russian special services. SBU teams have been deployed to the company headquarters to conduct a thorough investigation and document all details of the attack.
The request for comment sent to the Russian embassy in Washington, DC, went unanswered. According to Ukrainian officials, US officials, and private experts, Russian state-backed hackers have carried out multiple cyberattacks on Ukrainian critical infrastructure in conjunction with physical attacks in an attempt to weaken Ukrainian defenses.
Ukraine's cyber defenses have shown resilience, despite the challenges of assessing the impact of cyberattacks in the midst of conflict. Independent experts have noted the difficulty of determining the true impact of such attacks due to the fog of war. In February 2022, as Russian troops invaded Ukraine, hackers disrupted service for Viasat, a satellite service provider utilized by the Ukrainian military. The Biden administration attributed the hack to Russia, although Moscow consistently denies involvement in cyberattacks.
"The Kyivstar incident appears to be the most impactful attack on critical infrastructure in Ukraine to date," stated Victor Zhora, a former top Ukrainian cyber official. "Even the Viasat attack did not have such a significant impact." Zhora, who was recently dismissed from Ukraines State Service of Special Communications and Information Protection, denies any wrongdoing amid allegations of embezzlement at the agency.
Several Ukrainians interviewed by CNN on Tuesday reported experiencing disruption in their mobile phone service as a result of the incident, or knew someone who had been affected. Taras Vasyliv, an employee at Ukraine's power grid operator, stated that he had to resort to using WiFi for phone communication and is considering purchasing a SIM card from a different mobile operator in order to regain cell service. He assured CNN that the hacking incident has not affected grid operations.
CNNs Victoria Butenko, Svitlana Vlasova and Benjamin Brown contributed reporting.