Russian Hacker Group Claims Responsibility for Cyberattack on Ukraine's Telecom Giant Kyivstar

In a recent cyber onslaught, a Russian hacker collective has asserted its involvement in a large-scale attack on Kyivstar, Ukraine's leading telecommunications operator, as reported by the Security Service of Ukraine (SBU) on December 13.

The assault, which occurred on December 12, targeted Kyivstar and Monobank, one of Ukraine's major financial institutions. Citizens across the nation experienced disruptions in internet services, network outages, and complications with air raid alerts.

Efforts are underway to restore services, with home internet anticipated to be reinstated later on December 13, as per the SBU. Telephone communication and telephone internet are also scheduled to resume on the same day.

The SBU has attributed the cyber offensive to a hacker group allegedly under the command of Russian military intelligence GRU. Russia has faced recurring accusations of supporting cybercrime groups in attacks against its rivals, with previous instances of deploying cyber capabilities against Ukraine, targeting government agencies, the defense sector, and energy infrastructure.

Although the SBU did not disclose the group's name, the Russian hacker collective Solntsepek claimed responsibility in a statement posted on Telegram on December 13.

"We attacked Kyivstar because the company provides communications to the Armed Forces of Ukraine, as well as government agencies and law enforcement agencies of Ukraine," the group declared on social media.

Solntsepek asserted that its assault resulted in the "destruction" of 10,000 computers, over 4,000 servers, and all cloud storage and backup systems.

Contrary to Solntsepek's claims, Kyivstar denied the destruction of any computers or servers, emphasizing the security of subscribers' personal data.

However, the SBU acknowledged significant damage to Kyivstar's digital infrastructure as a result of the attack.

Sources at dev.ua reveal that Solntsepek has previously engaged in hostile activities against Ukraine, including the disclosure of personal data belonging to Ukrainian servicemen. Ukraine's cyber defense agency has linked Solntsepek to Sandworm, a hacker group allegedly operated by the GRU.