Russian hackers successfully infiltrated the system of Kyivstar, Ukraine’s largest telecoms operator, in a destructive cyberattack that caused extensive damage and served as a warning to the West. The attack disrupted services for around 24 million users for several days in December. Ukraine’s cyber spy chief, Illia Vitiuk, revealed that the hackers had access to the system since at least May 2023, with full access from November onwards. This attack is seen as a clear message that no one is untouchable, with Kyivstar being a targeted wealthy and well-protected private company. The extent of the destruction caused by the attack was unprecedented, wiping out virtual servers, PCs, and other infrastructure. Vitiuk noted that it was likely the first instance of a cyberattack that completely destroyed the core operations of a telecoms operator. The attack was aimed at inflicting psychological damage and gathering intelligence. The hackers had the potential to steal personal information, track phone locations, intercept SMS messages, and gain unauthorized access to Telegram accounts. The Security Service of Ukraine (SBU) helped Kyivstar restore its systems and repel further attacks. The scale of the attack led to long queues as people rushed to buy alternative SIM cards. The attack also impacted services reliant on Kyivstar SIM cards, such as ATMs and air-raid sirens. Fortunately, Ukraine’s military was not severely affected as it relies on different protocols and algorithms for its operations. The SBU believes the attack was carried out by Sandworm, a Russian military intelligence unit known for its cyberattacks in Ukraine and elsewhere. Vitiuk stated that the attack on Kyivstar demonstrated that telecoms operators remain targets of Russian hackers. The SBU has successfully thwarted thousands of major cyberattacks on Ukrainian governmental bodies and critical infrastructure in the past year. While the investigation into the attack is ongoing, Vitiuk suspects that the hackers used a trojan horse or phishing techniques to breach Kyivstar’s system. He also mentioned the possibility of an insider providing assistance to the hackers. The attack further highlighted the vulnerabilities within the cybersecurity infrastructure of telecoms operators. Kyivstar’s CEO stated that all services had been fully restored, thanks to the SBU’s incident response efforts. The attack on Kyivstar underscored the need for increased vigilance and robust cybersecurity measures within the telecommunications industry.