For the first time in the world. Who and how “broke” Kyivstar?

The “disruption” of one of the Ukrainian mobile operators is the largest hacker attack on the telecommunications infrastructure in the world.

24 million subscribers on day two Kievstar was left without communication due to the world’s largest cyber attack on telecom infrastructure. Hackers first “captured” the core of the network, which is responsible for processing traffic between users and services, and only then, in order to reduce the size of the destroyed data, the company’s specialists physically shut down the connection . Read the story about who carried out this attack and how.

Red herrings

The President Kievstar Alexander Komarov in an interview with Forbes said that the “atypical behavior” of the network began at five in the morning on December 12.

“All our focus is aimed at restoring the network, which began to work with large delays. All this created an incredible number of anomalies in these systems,” said Komarov.

Already at 6:30 in the morning, specialists realized that this was a very strong hacker attack on the core of the network and infrastructure, and all these actions, which began at 5 in the morning, were disruptive and aimed really “stop ” in the operator job.

“To simplify everything, the client databases did not respond to the network request for the client profile and its services. And the services began to be automatically disabled,” he explained.

After that, according to Komarov, the company decided to “unplug everything.”

“When you realize that you have an open perimeter of the company and you have to close it, because every minute means more destruction. It is necessary to do to reduce the impact (of the attack – ed.),” he added.

When journalists asked if it was a virus, Komarov replied that he could not answer this question, because law enforcement agencies are conducting an investigation, but added: “To break the network so much, of course, it is necessary ascertain movements within the network. One way or another, but the perimeter has been breached.”

Russian “Soncep”

Now, responsibility for the attack on Kyivstar Russian hackers of the so-called group have taken over Soncepek. Their statement said the team “infiltrated the operator’s network and gained a strong foothold there.” In addition, they said they broke into the company’s internal network infrastructure and allegedly stole clients’ personal data Kievstarincluding full name, passport details and addresses.

The Russian hackers also say that they allegedly destroyed the backups – to confirm this, they provided screenshots of the backups under the control of the server.

Kyivstar, in turn, claimed that the Russians’ statement about the destruction of its computers and servers was fake.

“As we reported earlier, subscriber information and personal data are safe. The systems where this data is stored were not affected by the hacker attack,” the company said in a statement.

As for the screenshots, this, according to the operator, is fake. They describe randomly collected technological data that is not related to subscribers’ personal data Kievstar.

“Friends, the enemy’s strategy is to sow panic. Let’s not let him succeed!” the company added.

Later, the SBU press service confirmed the involvement of Russian hackers in the attack on Kyivstaralthough he did not name a specific group.

“This is a hacker unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, which thus publicly legalizes the results of its criminal activities,” the message said.

Today the SBU continues to document Russia’s cyber attack on Ukraine’s civilian infrastructure as another war crime by the occupiers.

What is the recovery time?

Alexander Komarov said that the company has several scenarios for the continuation of the network.

“It is also basic and optimistic that we will begin to restore customer services. We have partially restored fixed Internet for our home Internet base. Step by step, in the near future we will resume services for the entire fixed Internet client base ,” he explained.

As for mobile services, things get more difficult here. The baseline scenario assumes resumption of service on December 13th.

“But there is a very high level of uncertainty. You restore the functionality of some systems, and new problems begin to appear. Then you need to check this whole system so that there is no enemy software or conditional backdoors left in it, which is left by this attack, then there is an unprotected perimeter. This is a complex iterative process,” said Komarov.

At the same time, the SBU predicted in the morning that on December 13 it is planned to continue the fixed-line Internet for households, as well as start the launch of mobile communications and Internet.

We remind you that according to the sources Correspondent.net v Kievstarthe operator resume process will take a day at best, and up to a week at worst.

New Correspondent.net on Telegram and WhatsApp. Subscribe to our channels Athletistic and WhatsApp