In what appears to be the largest cyberattack of the war with Russia so far, Ukraine's largest mobile network operator, Kyivstar, was targeted, causing widespread disruptions to mobile and internet services. The attack also affected the air raid alert system in parts of the Kyiv region. The CEO of Kyivstar, Oleksandr Komarov, attributed the attack to the ongoing war with Russia but did not specify the responsible Russian body. The Ukrainian intelligence agency, SBU, is currently investigating the possibility of a cyberattack conducted by Russian security services.

Breaking news: 🇷🇺🇺🇦Urgent statement from the Ukraine mobile operator.

Kyivstar IT infrastructure is partially destroyed. This is strong!!! pic.twitter.com/62wpNUiE7x

— Тоби айоделе -Tboy🇷🇺 🇳🇬 (@TobiAyodele) December 12, 2023

With 24.3 million mobile subscribers, which is more than half of Ukraine's population, and over 1.1 million home internet subscribers, Kyivstar plays a crucial role in the country's telecommunications infrastructure. However, the company's IT infrastructure has been partially destroyed, making it uncertain when connection will be fully restored. Komarov stated in a national television broadcast that the cyberattack was a result of the ongoing war with Russia. He expressed regrets over the attack and emphasized that "war is also happening in cyberspace." He did not explicitly name the Russian body responsible for the attack. Komarov added that the company had shut down Kyivstar physically to prevent further access by the enemy.

The Ukrainian intelligence agency, SBU, is investigating the possibility of a cyberattack conducted by Russian security services. While Russia's foreign ministry has not provided a comment regarding the attack, a source close to Ukraine's cyber defense suspects that Russia is the state actor behind the attack. The source mentioned that data cable interception showed a significant amount of Russian-controlled traffic directed at these networks. Additionally, the cyberattack affected air raid alert systems in more than 75 settlements in the Kyiv region.

Governor Ruslan Kravchenko stated that patrol police and State Emergency Service crews would be working in those settlements to ensure the announcement of aerial danger through loudspeakers. Kyivstar, owned by Amsterdam-listed mobile telecoms operator Veon, is cooperating with law enforcement bodies and working to repair the outage. The impact on the company's financials is yet to be quantified. Two databases containing customer data were damaged and locked, but Kyivstar assured customers that their personal data had not been compromised and promised to compensate them. This cyberattack on Kyivstar is one of the biggest hacks to have hit Ukraine since Russia's invasion in February 2022. It disrupted thousands of satellite internet modems across Europe at the start of the war.

In response to the outage, some people rushed to connect to other network providers, with a small queue of customers forming at a store for Vodafone, Kyivstar's largest competitor. Other Ukrainian companies have also reported cyberattacks following the Kyivstar incident. Monobank, a major Ukrainian payment system, suffered a distributed denial of service (DDoS) attack, but they successfully defended against it. PrivatBank and Oschadbank, two major Ukrainian financial institutions, reported that some of their ATMs and card terminals were affected by the Kyivstar outage. Ukrainian state bodies and companies have frequently accused Russia of orchestrating cyberattacks against them in the past. The investigation into the Kyivstar attack will hopefully shed light on the responsible party and its motivations.