SBU identifies Russian hackers who attacked Kyivstar
4 April 2024 14:42
The SBU identified the Russian GRU hackers who attacked Kyivstar. The case file is to be transferred to The Hague. This was reported by Komersant ukrainskyi 
with reference to the SBU press service.
After all the examinations are completed and suspicions are announced, the materials of this investigation will be transferred to the International Criminal Court in The Hague.
“We are working to serve suspicion notices under our law and then transfer these cases to the ICC. War criminals must be tried at the international level!”
– said Ilya Vitiuk, Head of the SBU Cyber Security Department.
He added that cyber attacks on civilian infrastructure should be recognised as war crimes by the Russian Federation.
The SBU has established that the attack on Kyivstar was carried out by the SandWorm hacker group, which is a regular unit of the Russian GRU. Forensic examinations are ongoing. The special service has submitted requests for additional information from international partners.
According to Vitiuk, all members of the vertical involved in the attack are being investigated.
“Not only a specific hacker should be held accountable for what he did, but also, at a minimum, the head of the military unit and the leadership of the special service that carried out the destructive activity,”
– said the head of the DCIB.
Vitiuk stressed that there are only three cases in the world where hackers have been served with suspicion notices for cyberattacks on infrastructure, and one of them was the result of the SBU’s work.
He said that in general, during a full-scale war, the Security Service blocks 4,500 cyberattacks every year. The Armed Forces of Ukraine and the Ministry of Defence are a special priority in cyber defence, as enemy attempts to interfere with military systems are taking place regularly.
In addition to cyberattacks, Russian special services conduct IPSO to discredit the command of the Defence Forces. These include information attacks and attempts to hack official accounts and create fake pages. The enemy also conducts similar discrediting attacks against SBU employees, who regularly receive threats of physical violence, letters with signs of recruitment and blackmail. There were also fake news stories about Vityuk himself.
Last year, on 12 December, Kyivstar, the largest mobile operator in Ukraine, suffered a cyberattack that lasted for at least 48 hours, affecting the company’s mobile and data services. As a result of the cyber attack, more than half of Ukraine’s population was left without mobile and internet connectivity. Kyivstar said that no personal data of customers was leaked.
