Russian Hackers Were Inside Ukraine Telecoms Giant For Months (reuters.com)
An anonymous reader quotes a report from Reuters: Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12. In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence. "This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said. He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity.
The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator." During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27. "For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November." The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said. A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed."
Investigating the attack is harder because of the wiping of Kyivstar's infrastructure. Vitiuk said he was "pretty sure" it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyberattacks in Ukraine and elsewhere. A year ago, Sandworm penetrated a Ukrainian telecoms operator, but was detected by Kyiv because the SBU had itself been inside Russian systems, Vitiuk said, declining to identify the company. The earlier hack has not been previously reported. Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else. If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal hashes of passwords, he said. Samples of that malware have been recovered and are being analysed, he added.
Did They Change The Password? (Score:1)
Re: (Score:2, Insightful)
Re: (Score:1)
Putin's like Mr Bean, stumbling his way through Russia's dictatorship with no idea what he's doing.
But that's all it takes to defeat Ukraine in this proxy war.
Re: (Score:1)
You fucken ruzzians are the most laughable morons on the planet. You lie like a snake on glass and kill your own just for jollies. Your tank's turrets fly hundreds of metres into the air when hit by something the size of a grenade. You regularly shoot down your own planes. You prop dead Generals up in zoom conferences to inspire confidence and then murder anybody that shows any grain of success.
You "reward" war widows with a bag of carrots and some frozen fish. You trick foreigners into joining your army and then have them slaughtered for giggles.
The sooner your whole shitbag of a country is turned into wilderness the better for the planet.
Where's Gerasimov by the way?
Bad call, Mystic Megadeath. Not all people ridiculing Banderites are Russian sympathizers. Some don't give a shit about them because they're no threat to us, in fact they're less of a nuisance than the US and its goons.
Gerasimov? Probably dead, like many Russians and even more Ukrainians.
Ukraine has until about the end of 2026 before it surrenders, in the dark with no electricity, no transport infrastructure, and no hope.
Re: (Score:1)
There’s more to the story but my reaction to the headline was “Duh”.
Homeboy over here going “Durr hurr hurr hey guys maybe Russia isn’t doing exactly what any competent cyber unit would be tasked with in their situation”
So what you’re really speculating is that perhaps Russia’s leadership is so drunk and incompetent that they wouldn’t be conducting attacks against infrastructure that could save the lives of thousands of peasant conscripts? Interesting
"Warnings" abound for a long time now (Score:2)
In the IT Security space, there have been serious, sometimes severe, practical warnings for at least a decade. Ransomware, supply-chain attacks, compromised critical infrastructure, insecure software, email still works as a malware vector, etc. etc.
What happens? Nothing or far too little. Doing something would cost money and means to actually listen to security experts. Hence nothing is done and the situation gets crappier and crappier. Unless and until we get personal (!) criminal liability for the C-levels that
Shh, don't tell them (Score:4, Insightful)
But Ukrainian hackers have been in Russian telcos for about the same time.
Only difference, Russian telcos don't have the blue team to detect it, because they've been sent to the frontlines by now.
Re: (Score:1)
Re: (Score:1)
I'll pass! The non-Western world is not interested in fighting in your stupid civil war.
And the West doesn't look as interested any more. I'll hazard a guess: Ukraine will surrender by Dec. 2026.
If not, I'll quit.
Re: (Score:2)
I frankly don't know a single Ukrainian security expert that is still in Ukraine...
Re: (Score:1)
This doesn't end until moscow and st.pete. are erased from Earth.
And the worst fate ever experienced will befall those that support the vatniks.
Whew! Lucky I'm part of the silent majority in the world who are just eating popcorn and wondering why any Ukrainian with a brain would trust the US in a civil war.
Maybe you get one of Zelensky's goons to ask the Kurds whether the US can be relied upon to honor their promise of continuing financial and military support.
Re: (Score:1)
Yes, I'm sure they would be much better off relying on the orcs that invaded them. Silly vatniks.
Nope, can't trust the Russians, can't trust the USA or NATO.
IOW, Ukraine is fucked and it could have been avoided many years ago.
So, now they can sit around in the dark, cold and hopeless, regretting what could have been.
Attack Surface (Score:2)
The headline/plot reminds me of Cory Doctorow's Attack Surface. Good book.
-bZj