A major cyberattack on Ukraine’s largest mobile operator on Tuesday disrupted a regional air raid warning service and some banking services for Ukrainians, according to the operator and local authorities.
The attack appeared to be one of the more impactful cyberattacks on Ukrainian critical infrastructure since Russia’s full-scale invasion nearly two years ago. It damaged IT infrastructure at mobile operator Kyivstar, forcing the company to shut down network connections to contain the incident, CEO Oleksandr Komarov said on Ukrainian television.
Kyivstar had 24.8 million customers at the end of 2022, according to Ukrainian state information agency Ukrinform.
In the northern Sumy region of Ukraine, air raid services experienced outages, according to the local military administration. “Due to a malfunction of the Kyivstar operator, the air alert system will temporarily be out of service in the territory of Sumy city territorial community,” the Sumy city military administration said in a Telegram post. “While the mobile operator’s specialists are troubleshooting technical issues, the community will be notified during the air raid by patrol police and the State Emergency Service,” the statement said.
Ukraine’s Security Service (SBU) said it had opened a criminal probe into the incident and that one line of inquiry is whether “Russian special services may be behind the hacker attack.”
SBU teams arrived at the company headquarters to begin the investigation and “to document all the circumstances of the attack,” the intelligence service said.
The Russian embassy in Washington, DC, did not immediately respond to a request for comment.
Russian state-backed hackers have launched an array of cyberattacks against Ukrainian critical infrastructure alongside airstrikes and other physical attacks to try to degrade Ukrainian defenses, according to Ukrainian officials, US officials and private experts.
The impact of cyberattacks is difficult to assess because of the fog of war, but Ukraine’s cyber defenses have largely proved resilient, according to independent experts.
As Russian troops invaded Ukraine in February 2022, hackers knocked out service for Viasat, a satellite service provider used by the Ukrainian military in the country. The Biden administration blamed Russia for the hack. Moscow routinely denies involvement in cyberattacks.
“So far, [the Kyivstar incident] seems to be the most effective attack on [critical infrastructure] in Ukraine” since Russia’s full-scale, Victor Zhora, a former top Ukrainian cyber official said on social media platform X.