Vodafone and lifecell may be vulnerable to cyberattacks


Kyivstar recently suffered a devastating cyberattack from Russian hackers, which destroyed 40% of the operator’s network. HiTech Expert finds out whether other Ukrainian operators are at risk.

Liquidation and recovery plan

Cybersecurity specialist Konstantin Korsun hopes that all the necessary preventive measures have been taken by Ukrainian operators.

“Personally, I don’t expect similar scenarios for other Ukrainian operators. They are attacked hundreds of times a day 24/7, it’s just not public information at all. Other critical infrastructure will definitely be attacked, the only questions are “when” and “what will be the consequences,” the expert said.

According to him, in the modern world, no one is immune to cyberattacks. The main thing is to prepare for the consequences, or rather to minimize them. It is necessary to have a prepared plan B, plan C and plan D, i.e. Disaster & Recovery Plan. This is the modern professional approach.


Is there a Russian trace?

At the same time, Oleksiy Semenyaka, external relations officer at RIPE NCC, who put forward the version of the Russian trace in the cyberattack on Kyivstar, points out that MTS-Vodafone also used the services of the FSB-linked Peter Service, and they may still be using some products of this Russian manufacturer.

In addition, back in 2009, the company chose a solution from the Russian Citronics as its main billing platform. In April 2023, the operator announced the start of the transition to the Amdocs system, but warned that it would take several years to complete the transition.

“The operator held tenders to find companies that would provide advice on changing the billing system, but it seems that all of them ended in vain. So, unless I’ve missed something, it’s very likely that Vodafon has at least a Russian product in partial operation,” the expert says.

In turn, lifecell claimed that it did not use “sanctioned products”, but its parent company Turkcell was on the list of Peter-Service clients.

“I would like to note that Turkcell, the parent company of lifecell, is also on the list of Peter Service clients, and its subsidiary Kuzey Kıbrıs Turkcel (operating in Northern Cyprus) uses the Peter Service platform as its main billing platform. It’s hard for me to assume what technological ties exist between lifecell and Turkcell, and to what extent the latter uses a Russian product, so the degree of risk is unknown,” Semenyaka adds.


They need audits

Oleksandr Kardakov, owner of Octava Defense, said in a commentary for HiTech Expert: “At a minimum, all mobile operators in our country have a position such as CISO – Chief information security officer. This is an information security director. That is, all these companies have thought about cybersecurity and understand that it needs to be addressed systematically.”

He believes that in order to assess the real state of affairs in each individual case, a comprehensive audit of cybersecurity management systems with all its components: technology, processes, and people, is necessary. Every operator needs to do this.

“If we talk about the Internet service of providers, of which there are more than 4,000 in Ukraine, the situation is worse. Because large operators still somehow care about cyber defense, while small ones do not,” Kardakov said.

“And I would advise CEOs and CISOs of large companies to change the passwords to the domain controller and corporate VPN right now, patch everything that needs to be patched, and then order an infrastructure security audit. This is the first priority. And then conduct training sessions with staff and a separate specialized training on cybersecurity for IT specialists,” adds Konstantin Korsun.


Please enter your comment!
Please enter your name here