The hacker group Solntsepek, previously associated with Russia’s Sandworm hackers, has admitted to a disruptive breach of Kyivstar, a prominent Ukrainian mobile and internet provider. The attack impacted essential services, cutting off communication for millions and temporarily sabotaging the air raid warning system in Kyiv.
Kyivstar’s CEO, Oleksandr Komarov, acknowledged significant infrastructure damage and limited access, revealing the company had to physically shut down to thwart the attack. While the Ukrainian government hasn’t officially attributed the cyberattack, Solntsepek, in a Telegram post, asserted responsibility for destroying computers and servers.
John Hultquist from cybersecurity firm Mandiant notes Solntsepek’s historical association with Sandworm, suggesting their involvement in prior disruptive incidents. Kyivstar disputed some claims, calling rumors about the destruction of their systems fake and aiming to restore operations promptly.
The cyberattack on Kyivstar adds to a series of disruptive incidents in Ukraine, with the exact intentions behind this assault remaining unclear. Experts speculate on potential motives, such as causing chaos, intelligence gathering, or hampering military communications, emphasizing the significant impact such attacks can have on both civilian life and military operations.