Ukraine in 2nd day of Kyivstar outage after suspected Russia cyberattack

Ukraine on Wednesday entered the second day of limited communications after its largest mobile phone and internet provider was hit by a huge cyberattack, Ukrainian officials and the internet provider said Wednesday.

The company, Kyivstar, shut down all mobile and internet service Tuesday after experiencing what its CEO said was a Russian cyberattack.

The Kyivstar hack is one of the biggest cyberattacks on the civilian telecommunications industry in history, and one of the most influential of the Russia-Ukraine war. Kyivstar’s website is still inaccessible, but an archived version of it from November said it has more than 25 million customers nationwide, more than half the country’s population.

Kyivstar announced Wednesday it had begun to restore service, but Kentik, a company that tracks global internet connectivity, said Kyivstar was operating at a fraction of its normal traffic levels. 

In addition to cutting off communications for millions of Ukrainians, the Kyivstar attack resulted in other critical services shutting down. 

The head of Kyiv’s Regional Military Administration, Ruslan Kravchenko, said on Telegram that the outage disrupted air alert systems in multiple cities, forcing authorities to use backup alarms. Russia launched a missile attack Wednesday morning, Kyiv’s mayor said on his Telegram channel, resulting in 53 people being injured and 20 being hospitalized.

Ukraine’s largest bank, PrivatBank, announced that a lack of functioning internet connection had resulted in some ATMs and point-of-sale terminals not working.

In the city of Liviv, which uses internet-connected smart streetlights, the Kyivstar outage meant that the lights had to be disconnected manually, the City Council said on its website.

Ukrainian authorities, including communications officials and representatives from the Security Service of Ukraine, indicated in emailed statements Wednesday that the culprit was a unit within Russian military intelligence, the GRU, that Western governments and cybersecurity researchers have said is responsible for previous destructive attacks on Ukrainian infrastructure. Russia’s Ministry of Foreign Affairs didn’t respond to a request for comment.

Both the Security Service and State Service of Special Communications and Information Protection of Ukraine noted that a hacker group believed to represent that unit, nicknamed Sandworm, had claimed responsibility on Telegram for the Kyivstar hack, though the agencies stopped short of confirming the claim.

Cybersecurity experts and Western governments have attributed Russia’s most destructive cyberattacks on Ukrainian infrastructure over the past decade to Sandworm, including multiple hacks of power stations and systems related to Ukraine’s elections.