Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May 2023. The development was first reported by Reuters. The incident, described as a "powerful hacker attack," first came to light last month, knocking out access to mobile and internet services.
The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator."
During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27.
"For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November."
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
