Russia-linked hackers claim cyberattack on Ukraine’s mobile networks: ‘Be prepared’

Your support helps us to tell the story

Support Now

Find out moreClose

As your White House correspondent, I ask the tough questions and seek the answers that matter.

Your support enables me to be in the room, pressing for transparency and accountability. Without your contributions, we wouldn't have the resources to challenge those in power.

Your donation makes it possible for us to keep doing this important work, keeping you informed every step of the way to the November election

Andrew Feinberg

White House Correspondent

A hacking group allegedly connected to Russian military intelligence carried out a cyberattack on Ukraine’s biggest mobile network operator offline, officials in Kyiv’s cyber defence agency said.

Ukraine’s Kyivstar, which provides cellular and internet services to 24.3 million mobile subscribers and over 1.1 million home internet users, came under a deadly cyberattack on Tuesday. It silenced air raid alerts in some parts of Ukraine at a time Russia started firing ballistic missiles on civilian regions, wiped out services, and damaged IT infrastructure.

A group of activist hackers or “hacktivists” called Solntsepyok was identified as a front for a Russian hacking group dubbed "Sandworm" which has been previously linked to Russia’s GRU military intelligence agency, the State Service of Special Communications and Information Protectorate (SSSCIP) had said earlier this year.

In its Telegram post, Solntsepyok shared screenshots and said it destroyed more than 10,000 computers and 4,000 servers in the attack against Kyivstar, including its cloud storage and backup systems.

"We attacked Kyivstar because the company provides communications to the Ukrainian Armed Forces, as well as state bodies and Ukraine’s security forces," the post said. "To the other offices helping the Ukrainian Armed Forces: be prepared!"

A source close to Kyivstar said military communications have not been affected by the attack.

Sandworm is known as one of Russia’s most powerful hacking groups, responsible for carrying out cyberattacks against Kyiv’s energy sector.

"Responsibility for the cyberattack was taken by one of the Russian groups, whose activities are associated with the main directorate of the General Staff of the Armed Forces of the Russian Federation," said Ukraine’s SSSCIP referring to Russia’s GRU.

It added that an expert group was looking into the cyberattack with the SBU intelligence agency.

"This once again confirms Russia’s use of cyberspace as one of the domains of the war against Ukraine," it said, without naming the group that has claimed responsibility.

A representative of the group confirmed the responsibility for the attack and referred to the documents by Kyivstar posted to their Telegram channel.

The attack on Tuesday is one of the biggest cyber attacks since Russia launched its invasion of Ukraine in February last year.