"We, Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar." We destroyed 10,000 computers, more than 4,000 servers, all cloud data storage and backup systems," group posted on its Telegram channel.
Russian hackers explained that they attacked "Kyivstar" because "the company provides communications to the Armed Forces, as well as state bodies and power structures of Ukraine."
They also threatened cyberattacks on other companies that help the Ukrainian army.
Earlier, other Russian hackers from the KILLNET group claimed responsibility for the attack on Kyivstar. On December 12, they stated this in their telegram, but did not provide any evidence.
On December 12, the Security Service of Ukraine named the Russian trail as one of the versions of the attack. Proceedings were immediately opened there under eight articles of the Criminal Code of Ukraine, including unauthorized interference in the operation of information systems, treason, sabotage and waging an aggressive war.
On December 13, the special service clarified its position.
"One of the Russian pseudo-hacker groups has already claimed responsibility for the attack. It is a hacking unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (better known as the GRU), which in this way publicly legalizes the results of its criminal activities," the SBU said in a statement.
The interlocutor of the BBC in the special service specified that it was about Solntsepek.
"The SBU continues to document the Russian cyberattack on the civilian infrastructure of Ukraine as another Russian war crime," the SBU said.
In the evening of December 12, "Kyivstar" announced that it hopes to resume its services on December 13. However, the director of the company in a conversation with journalists suggested that the restoration of communication may take more time.
At the same time, "Kyivstar" home Internet subscribers are already reporting about the restoration of the service.
Officially, the Russian authorities did not comment on the attack on "Kyivstar".
"Solntsepek"
"Kyivstar" is perhaps not the first object of attack by Russian hackers "Solntsepeka".
In the spring of this year, the group actively published information about harming various Ukrainian structures, including the websites of Suspilny, Channel 24, Ukrainian providers, the Ministry of Infrastructure, and the Southern Mining and Processing Plant.
The specialized IT publication DEV.UA wrote that "Solntsepek" can supervise the Main Intelligence Directorate of Russia.
The group's activities are also linked to the Kremlin-backed hacker group Sandworm, the newspaper reported citing its sources in the State Intelligence Service.
"Sandworm is an elite unit of Russian hackers that works for the Kremlin. It was the one that spread the NotPetya virus, which destroyed data on the computers of commercial and government structures all over the world, causing losses of $10 billion with just one sabotage," DEV.UA notes and adds that Sandworm is subordinate to the Main Intelligence Directorate of Russia.
What is known about the attack on "Kyivstar" and when there will be communication
On the morning of December 12, one of the largest mobile operators in Ukraine - "Kyivstar" - experienced a technical failure.
Later, the company confirmed that it had become a victim of a "powerful hacker attack".
The general director of the company Oleksandr Komarov said that part of the virtual IT infrastructure was destroyed.
The outage affected communications, the Internet, the operation of bank terminals and automatic systems in some regions, such as alerts or turning off street lights in the morning.
The company involved law enforcement officers and special services to record the consequences of work interference.
According to Komarov, personal data of subscribers are not compromised, specialists are working on troubleshooting.
"We did not see any atypical traffic behavior. Our basic version is that the goal is to destroy the infrastructure, to lay the critical infrastructure of the country. Perhaps in order to discredit the president's visit to the USA, to add something to the energy blackouts, to influence the morale of Ukrainians through other levers," Komarov said in an interview with Forbes.UA.
He also did not specify the exact time frame for the complete restoration of the infrastructure after the attack by Russian hackers, although the company's press service promised to overcome the problems as early as December 13.
"This is the most difficult question today because I don't want to speculate on it. We have several scenarios."
According to preliminary calculations, it is planned to restore fixed Internet for households on December 13, as well as start the launch of mobile communication and Internet.
"Baseline scenario - I hope we start restoring this service tomorrow (December 13). But there is a very large level of uncertainty. You restore the performance of some system, and you start to have new problems," said the director.
The State Special Communications Service also clarified on December 13 why internal roaming between mobile operators does not work.
"In order to avoid overloading the networks of other operators, at the request of the SBU, the National Center for Operational and Technical Management of Telecommunications Networks issued an order to temporarily block the national roaming service for Kyivstar subscribers," the department said.
Therefore, clients of "Kyivstar" cannot currently switch to the network of other operators.
Cyber specialists of the Security Service of Ukraine and "Kyivstar" specialists, in cooperation with other state bodies, continue to restore the network after yesterday's hacker attack.
