For months, Russian Hackers had Secret Access to the Ukrainian Telecom Empire
Ukrainian cybersecurity authorities have revealed that the Russian state-sponsored threat actor, Sandworm, had infiltrated the networks of telecom provider Kyivstar starting from May 2023.
Reuters initially reported the development.
The incident, characterized as a “potent cyber intrusion,” first came to light last month, when it disrupted mobile and internet services for a significant number of consumers. Shortly afterwards, a hacking group known as Solntsepyok, which has ties to Russia, claimed responsibility for the breach.
Solntsepyok is a Russian threat group that has been assessed to have connections to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), which also operates Sandworm.
The APT actor has a history of launching disruptive cyberattacks. Denmark has accused this hacking group of targeting 22 energy sector companies last year.
Illia Vitiuk, the director of the cybersecurity section of Ukraine’s Security Service (SBU), stated that the Kyivstar hack resulted in the complete destruction of a vast amount of data from numerous virtual servers and computers.
According to him, the incident resulted in the complete destruction of the central operations of a telecommunications operator. He said the attackers had complete access, most likely starting from November, after initially gaining entry into the company’s infrastructure.
“The attack had undergone meticulous planning over several months,” Vitiuk stated in a communiqué published on the SBU’s official website.
Kyivstar, which has since resumed its activities, stated that there is no indication that the personal data of users has been breached. The method by which the threat actor infiltrated the network has not yet been disclosed.
The corporation has previously rejected as “false” suspicions that the attackers destroyed its computers and servers.
The SBU recently announced that it dismantled two internet surveillance cameras that were reportedly compromised by Russian intelligence agencies. These cameras were being used to conduct espionage on the military forces and essential infrastructure in Kyiv, the capital city.
According to the CIA, the intrusion enabled the attacker to remotely manipulate the cameras, modify their viewing perspectives, and link them to YouTube in order to record “all visual data within the camera’s range.”
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.