Major cyberattack on Ukrainian mobile operator disrupts banking services and air raid sirens

Photo courtesy of CNN

Photo courtesy of CNN

Originally Published: 12 DEC 23 16:42 ET

(CNN) — A major cyberattack on Ukraine’s largest mobile operator on Tuesday disrupted a regional air raid warning service and some banking services for Ukrainians, according to the operator and local authorities.

The attack appeared to be one of the more impactful cyberattacks on Ukrainian critical infrastructure since Russia’s full-scale invasion nearly two years ago. It damaged IT infrastructure at mobile operator Kyivstar, forcing the company to shut down network connections to contain the incident, CEO Oleksandr Komarov said on Ukrainian television.

Kyivstar had 24.8 million customers at the end of 2022, according to Ukrainian state information agency Ukrinform.

In the northern Sumy region of Ukraine, air raid services experienced outages, according to the local military administration. “Due to a malfunction of the Kyivstar operator, the air alert system will temporarily be out of service in the territory of Sumy city territorial community,” the Sumy city military administration said in a Telegram post. “While the mobile operator’s specialists are troubleshooting technical issues, the community will be notified during the air raid by patrol police and the State Emergency Service,” the statement said.

Ukraine’s Security Service (SBU) said it had opened a criminal probe into the incident and that one line of inquiry is whether “Russian special services may be behind the hacker attack.”

SBU teams arrived at the company headquarters to begin the investigation and “to document all the circumstances of the attack,” the intelligence service said.

The Russian embassy in Washington, DC, did not immediately respond to a request for comment.

Russian state-backed hackers have launched an array of cyberattacks against Ukrainian critical infrastructure alongside airstrikes and other physical attacks to try to degrade Ukrainian defenses, according to Ukrainian officials, US officials and private experts.

The impact of cyberattacks is difficult to assess because of the fog of war, but Ukraine’s cyber defenses have largely proved resilient, according to independent experts.

As Russian troops invaded Ukraine in February 2022, hackers knocked out service for Viasat, a satellite service provider used by the Ukrainian military in the country. The Biden administration blamed Russia for the hack. Moscow routinely denies involvement in cyberattacks.

“So far, [the Kyivstar incident] seems to be the most effective attack on [critical infrastructure] in Ukraine” since Russia’s full-scale, Victor Zhora, a former top Ukrainian cyber official said on social media platform X.

Asked to elaborate, Zhora told CNN that “even the Viasat attack didn’t have such an impact.”  Zhora was sacked last month from Ukraine’s State Service of Special Communications and Information Protection amid a probe into alleged embezzlement at the agency. He denies wrongdoing.

Multiple Ukrainians contacted by CNN on Tuesday said their mobile phone service was disrupted by the incident, or that they knew a friend or relative who had had service disrupted.

Taras Vasyliv, who works Ukraine’s power grid operator, told CNN that he has had to use WiFi to communicate on his phone and that he’s planning to buy a SIM card from another mobile operator so he can get cell service. The hacking incident has not impacted grid operations, he said.

CNN’s Victoria Butenko, Svitlana Vlasova and Benjamin Brown contributed reporting.

™ & © 2023 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.