Experts point to internal traces in cyberattack on Kyivstar

Experts point to internal traces in cyberattack on Kyivstar

Cybersecurity experts are lively discussing the consequences of a massive hacker attack on Kyivstar’s infrastructure, which led to the downfall of both its mobile and fixed-line networks.

Alexander Kardakov, owner of Octava Defense, writes on his Facebook page: “Judging by the scale, the attack was carried out from inside the network. They were connected from Kyiv or Amsterdam (VEON) – let the relevant authorities determine.”

Conclusions after a cyberattack

In his opinion, the cyberattack was carefully prepared. The hackers had all the data on the internal structure of the network and access to various parts of it, including backups. It was a team of more than 10 people who could use specially created software.

“The way the threat was ‘spotted’ and the subsequent crisis management was absolutely impressive! I was unpleasantly impressed,” Kardakov said.

He draws the following conclusions:

  1. Cybersecurity is not only about protecting yourself from the outside, but also from the inside.
  2. Backups are also stored on separate media (the so-called air-gap).
  3. And most importantly, people. According to the expert, in recent years, Kyivstar has fired the last technical specialists who actually understood how everything is built and works. They were replaced by “good presenters”.

Trail of owners

This post by Kardakov is being actively commented on by other users. Some believe that there was a “deliberate data erasure”. And this could have been done by the actual owners of Kyivstar with a Russian trace.

“They’ve had enough – Friedman and co. have cleaned everything up. Cybersecurity does not help from the owners. The question now is to whom and what they leaked and what to do with it,” says Mykhailo Komisaruk, owner of Ukrnet.

Ihor Shevchenko, head of the Successful Ukraine charitable foundation, also believes that “it is very likely a sabotage by the Russian special services with the assistance of the Russian owners of the CS, who still control the company.”

Internal footprint

Another possibility is that the company’s employees are deliberately or unknowingly influenced by the company.

“Often, after the system is set up and working perfectly, company executives have a “brilliant” idea about optimizing IT costs. After all, they seem to think that an encyclopedia is enough,” writes system administrator Nikolay Solonin.

“It’s unfortunate, but this is a trend in everything. The management believes that if the system is working, then there is no need for a specialist to fix problems. But they don’t realize that the system works thanks to these specialists,” says Vitaliy Medvedyk.

Igor Khodorovskyi adds: “The employees themselves put it there. Or they just turned off the switch…. and that’s it…… The barn burned down – the mountains and the house…”

Be that as it may, the specialists of Kyivstar are making titanic efforts to fully restore the company. We wish them success, and we wish the SSU to deal with all possible traces of the cyberattack.


Please enter your comment!
Please enter your name here