Kyivstar allocates $90M to deal with cyberattack


Ukraine's leading mobile operator, Kyivstar, has allocated $90 million to deal with a December 2023 Russian cyberattack on its services, which it said had hit its growth.

The hack, described by its CEO as the biggest cyberattack on telecoms infrastructure in the world, struck Kyivstar in December, damaging infrastructure and disrupting mobile phone signals for millions of Ukrainians.

Kyivstar’s core systems were destroyed during the most violent stage of the attack, months after the initial infiltration. Hackers wiped out thousands of virtual servers and computers while destroying the center of the telecommunications operator.

"Before the cyberattack, we were moving with an increase of 11%-12% quarter-on-quarter in 2023. The cyberattack ate up about 3% of annual growth," CEO Oleksandr Komarov told the Interfax-Ukraine news agency.

He gave no additional details about what aspect of growth that referred to. Kyivstar did not immediately reply to a request for comment.

Komarov said the mobile operator allocated 3.6 billion hryvnia ($90.76 million) to deal with the aftermath of the attack. It went towards repairing damage, strengthening the system, and funding a loyalty program for clients.

Kyivstar, owned by Amsterdam-listed mobile telecoms operator Veon, has 24.3 million mobile subscribers, as well as more than 1.1 million home internet subscribers.

Kyiv's then-cyber spy chief said at the time he was confident the attack was carried out by Sandworm, a Russian military intelligence cyberwarfare unit. Solntsepyok, a group believed by Ukraine to be affiliated with Sandworm, claimed responsibility. Russia has not commented on the attack.

Sandworm is a prolific state-sponsored advanced persistent threat (APT) group that has conducted various cyberattacks on Ukraine. This includes an attempt to spoof the results of the 2014 election by attacking the Ukrainian Central Election Commission.

The hacker collective is also notorious for orchestrating the first-ever blackout triggered by hackers on the Ukrainian power grid, which left roughly 260,000 people without power in October 2022.