Ukrainian cybersecurity officials have revealed that the Russian state-sponsored threat actor known as Sandworm was inside the systems of telecom operator Kyivstar since at least May 2023.
The development was first reported by Reuters.
The incident, described as a “powerful hacker attack”, first came to light last month, disrupting access to mobile and internet services for millions of customers. Soon after the incident, a Russia-linked hacking group called Solntsepyok claimed responsibility for the breach.
Solntsepyok has been identified as a Russian threat group with affiliations to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), which also operates Sandworm.
Advanced persistent threat (APT) actors have a track record of carrying out disruptive cyberattacks, with Denmark accusing the hacking organization of targeting 22 energy sector companies last year.
Illia Vitiuk, head of the security service of the Cybersecurity Department of Ukraine (SBU), said that the attack against Kyivstar wiped out almost everything from thousands of virtual servers and computers.
The incident “completely destroyed the core of a telecom operator,” he said, noting that the attackers were likely to have had full access since at least November, months after gaining an initial foothold in the company’s infrastructure.
“The attack was meticulously prepared over the course of several months,” Vitiuk said in a statement shared on the SBU website.
Kyivstar, which has since restored its operations, said there was no evidence that customers’ personal data had been compromised. It is currently unknown how the threat actor entered its network.
It is noteworthy that the company had earlier dismissed as “false” the speculations about the attackers destroying its computers and servers.
The disclosure comes as the SBU revealed earlier this week that it took down two online surveillance cameras that were allegedly hacked by Russian intelligence agencies to spy on the defense forces and critical infrastructure in the capital city of Kyiv.
The agency said the agreement allowed the rival to gain remote control of the cameras, adjust their viewing angle, and connect to YouTube to capture “all visual information in range of the cameras.”
31 comments
A top resource in India.
My top crypto website in Singapore.
Highly recommended crypto platform.
My expert opinion: this crypto site is reliable.
Very reliable crypto service.
Appreciate the regular updates greatly.
Super easy crypto platform to navigate.
Smooth site, excellent performance.
Excellent resource in crypto.
Alpaca Finance
Why Use Hyperliquid?
hyperliquid
Consistent high-quality crypto service.
Ideal for business crypto management.
Excellent choice for Amsterdam crypto traders.
Matcha Swap
Hyperliquid App
MultiChain
What Is Hyperliquid?
Top 5 Strategies to Maximize Returns on Hyperliquid in 2025
Expert traders consider this platform essential.
Perfect crypto app for mobile users.
ticket flipping
newest bitcoin casinos 2025
Spooky Swap
Mantle Bridge
ParaSwap
AI Trading Bot Crypto trading bot ai crypto trading bot
Trading psychology influences decision making
Need simpler guides asap
Liquidity mining can be profitable but risky