If we learn anything from Russia’s criminal war of aggression against Ukraine, it is that lulling yourself into a false sense of security can be devastating. No one knows this better than Illia Vitiuk.
Vitiuk is a high-ranking member of the Ukrainian security service SBU. He heads the cybersecurity division of the domestic intelligence service. And in this role, he has insider knowledge of the largest hacker attack on civilian infrastructure to date.
Now the experienced secret service agent has given an exclusive interview to journalists from the Reuters news agency and has come to an alarming conclusion.
The Ukrainian intelligence officer emphasizes that Kyivstar is “a prosperous private company” that has already invested heavily in cybersecurity. Nevertheless, the attack caused “catastrophic destruction” on December 12, 2023. The attackers aimed to inflict a serious psychological blow on the country.
The December 12 attack destroyed “almost everything” at Kyivstar, Vitiuk said, “including thousands of virtual servers and PCs.” This is probably the first example of a cyber attack that “completely destroyed the core of a telecommunications company.”
The destruction of the Kyivstar network began around 5 a.m. local time, when Ukrainian President Volodymyr Zelensky was in Washington and asked the West to continue aid deliveries.
The attack on the network was not accompanied by a major missile or drone attack, Vitiuk said. As a result, the damage was limited.
In fact, 24 million Ukrainians were directly affected by a power outage that lasted several days. Many tried to switch to another provider. This should have been possible relatively quickly, at least for people who have a smartphone with eSIM functionality. This also caused network problems for competing providers.
For about 1.1 million people, changing providers was not an option: according to Vitiuk, they live in small towns and villages where only the Kyivstar network exists.
But there were also problems in large centers: in the capital Kiev, for example, alarm systems temporarily failed, and in Zaporizhia in the south of the country payment terminals no longer worked. And in the Chernihiv region in the north, street lighting was partially out. The attack had “no major impact” on the Ukrainian army and its warfare, Illia Vitiuk assures.
He further explained that the SBU helped Kyivstar restore its systems within a few days and fend off new cyber attacks. There has been a whole series of new attack attempts, all without success.
Kyivstar CEO Oleksandr Komarov said on December 20 that all company services had been fully restored across the country.
Around the same time, Ukrainian hackers responded with a cyberattack on Moscow’s water company Rosvodokanal, reportedly destroying the company’s IT infrastructure. The attack is said to have taken place with the support of the SBU.
The attack on Kyivstar may have been facilitated by agreements with Russian mobile operator Beeline, which has similar infrastructure.
However, the forensic investigation into the attack is difficult because Kyivstar’s infrastructure was destroyed.
During the subsequent investigation, the SBU determined that Russian hackers had likely attempted to break into the Kyivstar network in March or earlier.
The SBU believes that the administrative access rights they obtained also allowed the hackers to steal personal data, determine the location of mobile devices, intercept text messages and possibly hijack Telegram accounts.
Apparently, the SBU is still investigating how the hackers were able to break into the Kyivstar network and what attack tools they used. It could be phishing, a manipulated email message, an inside job or something else.
A Russian hacktivist group called Solntsepyok claimed responsibility for the attack via the messaging service Telegram and published screenshots as evidence.
In fact, there are many signs pointing to Sandworm – the elite hacker unit 74455, part of the Russian military intelligence service GRU, also known as Voodoo Bear.
Vitiuk told Reuters he was “pretty sure” it was a Sandworm operation. Experts from the American IT security company CrowdStrike have reached a similar conclusion.
The Russian government itself has denied any involvement in the cyber attacks.
According to Vitiuk, Sandworm hackers penetrated the network of a Ukrainian telecom provider a year ago. However, they were exposed because the SBU itself was in Russian systems. This previous hacker attack has only now been made public.
If Russia fails to disrupt the power supply with cyber attacks, missile attacks would be the solution. And then Ukrainians are forced to resort to generators and devices like Starlink to keep these devices connected. This gives Russia more opportunities to attack vulnerabilities.
Vitiuk has so far avoided reinforcing fears that Russia could launch massive cyberattacks against Western companies over its support for Ukraine. In an exclusive interview in September 2023, he pointed out Russia’s limited human resources.
In October 2023, months before the Kyivstar attack, Vitiuk gave an exclusive interview to the American media outlet The Record. In it, the Ukrainian intelligence officer pointed out the increased threat of cyber warfare. Russia is building a national cyber offensive program.
“We were aware of the activities of Russian elite hackers working for special services such as the GRU (military intelligence), the FSB (security service) and the SVR (foreign intelligence service), but now we are seeing a new approach,” Vitiuk warned. In Russian military educational institutions, students are systematically taught how to carry out cyber attacks.
According to available data, Russia’s cyber offensive program was launched five years ago. And the effects have now become clear: in 2020, Ukraine recorded 800 attacks on its infrastructure. And in 2022 – in the first year of the large-scale invasion – there were already 4,500 attacks.
The national cyber offensive program is increasingly becoming a problem for the West as Russia attracts more and more IT specialists, Vitiuk said. They had more resources and could also attack other countries, “not just Ukraine or low-level DDoS attacks on Estonia, Lithuania or NATO websites.”
The German think tank DGAP has already warned Western states of a direct attack by Russia on NATO, “in just six to ten years.” However, Poland’s National Security Service was even more urgent, estimating that Russia could potentially attack NATO in less than 36 months.
In 2012, Vitiuk graduated with honors from the Kiev University of Economics in the field of international economics. Since November 2021, he has headed the SBU’s cyber and information security department. He previously worked for a while as a professional martial artist, specializing in mixed martial arts.
Source: Watson
I’m Ella Sammie, an author specializing in the Technology sector. I have been writing for 24 Instant News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.