On the morning of December 12, users from various regions of Ukraine began reporting issues with connectivity and internet services on the mobile operator Kyivstar. The company acknowledged that a technical glitch had occurred.
The company promptly engaged representatives of law enforcement and special state services to document the circumstances and consequences of unlawful actions aimed at interfering with the network’s operations.
As of 12:00 on December 12, subscribers’ personal data remains uncompromised, and experts are working to mitigate the effects of the attack for the swift restoration of communication and service provision.
British intelligence views this cyberattack as one of the most destructive operations since the full-scale invasion of Russia into Ukraine began. In response to the hacking attack on Kyivstar, the Security Service of Ukraine (SBU) has initiated a criminal investigation under eight articles of the criminal code.
The disruption in the operations of the country’s largest operator has also affected other businesses. Major banks in Ukraine have reported issues with their services due to a significant outage in Kyivstar’s services. A small portion of Oschadbank’s ATMs, POS terminals, and informational-payment terminals have become non-functional, and the full restoration of their operations depends on resolving the Kyivstar outage.
Additionally, PrivatBank has encountered issues, stating that due to difficulties with Kyivstar’s operations, some POS terminals, ATMs, and self-service terminals may work unstably or lose connectivity altogether. According to bank representatives, up to 5% of ATMs, up to 10% of self-service terminals, and up to 30% of POS terminals rely on Kyivstar.
In turn, Raiffeisen Bank has also reported problems with POS terminals in store cash desks, advising customers to use the services of other banks or make cash transactions.
PUMB (First Ukrainian International Bank) has experienced difficulties with the authentication of certain transactions due to issues with receiving SMS and push notifications with authentication codes, a consequence of the Kyivstar outage.
Beyond the direct impact on the banking system, an intensification of hacker activity against banking infrastructure has been observed. A massive DDoS attack on the mobile bank monobank was successfully repelled in less than an hour, underscoring the heightened cybersecurity threats in the context of cyberattacks on mobile operators.
The taxi service “Uklon” has reported a noticeable decrease in order activity due to a significant number of customers being left without communication.
The disruption in Kyivstar’s operations has also impacted the civil defense system for the population. Specifically, this has temporarily disabled the air alarm notification system in the Sumy region and certain cities in the Kyiv region, including Bucha, Irpin, Vyshneve, Berezan, Skvyra, Rzhyshchiv, Tarashcha, and Volodarka.
This cyberattack is not the first in Ukraine’s history. The war on the cyber front has been ongoing since 2015 when part of the energy system was compromised using the BlackEnergy Trojan program. In 2016, hackers targeted the telecommunications networks of government institutions, and in June 2017, the Petya.A virus affected over a hundred companies and organizations.
