"Solntsepek": who is behind the hackers who attacked "Kyivstar"

"We, Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar." We destroyed 10,000 computers, more than 4,000 servers, all cloud data storage and backup systems," group posted on its Telegram channel.

Russian hackers explained that they attacked "Kyivstar" because "the company provides communications to the Armed Forces, as well as state bodies and power structures of Ukraine."

They also threatened cyberattacks on other companies that help the Ukrainian army.

Earlier, other Russian hackers from the KILLNET group claimed responsibility for the attack on Kyivstar. On December 12, they stated this in their telegram, but did not provide any evidence.

On December 12, the Security Service of Ukraine named the Russian trail as one of the versions of the attack. Proceedings were immediately opened there under eight articles of the Criminal Code of Ukraine, including unauthorized interference in the operation of information systems, treason, sabotage and waging an aggressive war.

On December 13, the special service clarified its position.

"One of the Russian pseudo-hacker groups has already claimed responsibility for the attack. It is a hacking unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (better known as the GRU), which in this way publicly legalizes the results of its criminal activities," the SBU said in a statement.

The interlocutor of the BBC in the special service specified that it was about Solntsepek.

"The SBU continues to document the Russian cyberattack on the civilian infrastructure of Ukraine as another Russian war crime," the SBU said.

In the evening of December 12, "Kyivstar" announced that it hopes to resume its services on December 13. However, the director of the company in a conversation with journalists suggested that the restoration of communication may take more time.

At the same time, "Kyivstar" home Internet subscribers are already reporting about the restoration of the service.

Officially, the Russian authorities did not comment on the attack on "Kyivstar".

"Solntsepek"

"Kyivstar" is perhaps not the first object of attack by Russian hackers "Solntsepeka".

In the spring of this year, the group actively published information about harming various Ukrainian structures, including the websites of Suspilny, Channel 24, Ukrainian providers, the Ministry of Infrastructure, and the Southern Mining and Processing Plant.

The specialized IT publication DEV.UA wrote that "Solntsepek" can supervise the Main Intelligence Directorate of Russia.

The group's activities are also linked to the Kremlin-backed hacker group Sandworm, the newspaper reported citing its sources in the State Intelligence Service.

"Sandworm is an elite unit of Russian hackers that works for the Kremlin. It was the one that spread the NotPetya virus, which destroyed data on the computers of commercial and government structures all over the world, causing losses of $10 billion with just one sabotage," DEV.UA notes and adds that Sandworm is subordinate to the Main Intelligence Directorate of Russia.

The United States has released a poster naming several people it believes are part of the Sandworm hacking group and are wanted by the FBI

What is known about the attack on "Kyivstar" and when there will be communication

On the morning of December 12, one of the largest mobile operators in Ukraine - "Kyivstar" - experienced a technical failure.

Later, the company confirmed that it had become a victim of a "powerful hacker attack".

The general director of the company Oleksandr Komarov said that part of the virtual IT infrastructure was destroyed.

The outage affected communications, the Internet, the operation of bank terminals and automatic systems in some regions, such as alerts or turning off street lights in the morning.

The company involved law enforcement officers and special services to record the consequences of work interference.

According to Komarov, personal data of subscribers are not compromised, specialists are working on troubleshooting.

"We did not see any atypical traffic behavior. Our basic version is that the goal is to destroy the infrastructure, to lay the critical infrastructure of the country. Perhaps in order to discredit the president's visit to the USA, to add something to the energy blackouts, to influence the morale of Ukrainians through other levers," Komarov said in an interview with Forbes.UA.

He also did not specify the exact time frame for the complete restoration of the infrastructure after the attack by Russian hackers, although the company's press service promised to overcome the problems as early as December 13.

"This is the most difficult question today because I don't want to speculate on it. We have several scenarios."

According to preliminary calculations, it is planned to restore fixed Internet for households on December 13, as well as start the launch of mobile communication and Internet.

"Baseline scenario - I hope we start restoring this service tomorrow (December 13). But there is a very large level of uncertainty. You restore the performance of some system, and you start to have new problems," said the director.

The State Special Communications Service also clarified on December 13 why internal roaming between mobile operators does not work.

"In order to avoid overloading the networks of other operators, at the request of the SBU, the National Center for Operational and Technical Management of Telecommunications Networks issued an order to temporarily block the national roaming service for Kyivstar subscribers," the department said.

Therefore, clients of "Kyivstar" cannot currently switch to the network of other operators.

Cyber ​​specialists of the Security Service of Ukraine and "Kyivstar" specialists, in cooperation with other state bodies, continue to restore the network after yesterday's hacker attack.

SOURCE BBC
spot_imgspot_imgspot_imgspot_img

popular

Share this post:

More like this
HERE

Singer Bilozir wants to return to politics to head the Ministry of Culture

People's Artist of Ukraine Oksana Bilozir does not rule out the possibility of returning...

How to assemble a first aid kit during war: a basic list of essentials

In wartime, a first aid kit is not just a box...

Searches at People's Deputy Ihor Molotok and his entourage - NABU investigates possible illegal enrichment

National Anti -Corruption Bureau of Ukraine together with the Specialized Anti -Corruption Prosecutor's Office ...

Parliament wants to abolish special pensions for prosecutors

Chairman of the Verkhovna Rada Committee on Finance, Taxation and...

A pastor from Ternopil was given a house worth a million dollars in Bryukhovychy, Lviv region

Pastor Ivan Pendlyshak from Ternopil became the new owner of a luxurious...

Ternopil doctor demanded $5,000 for disability registration

In Ternopil, law enforcement officers exposed a doctor who, for a monetary reward,...

Kharkiv business under pressure: how the Lozovo CCC blackmails entrepreneurs

The head of the Lozovsky District Territorial Procurement Center, Artur Vorontsov, found himself...

The head of the Yabluniv village council reduced the rent tenfold - now under investigation

Law enforcement officers exposed the head of the Yabluniv village council of the Ivano-Frankivsk region, Yuriy...