Ukrainian mobile operators suffered serious cyber attacks, bank services were disrupted and air raid sirens sounded

In a major cyber attack, Ukrainian mobile operators like Kyivstar experienced serious disruptions, affecting bank services and triggering air raid sirens. The incident, prompting fears of a large-scale cyber attack on critical infrastructure, reportedly harmed Kyivstar's IT infrastructure, forcing the company to cut network connections to mitigate the situation.

Originating from the region of Sumy in northern Ukraine, reports emerged about air raids. Due to Kyivstar's issues, the air warning system for affected towns and cities temporarily halted operation. Local authorities and emergency services kept the communities updated on potential air strikes.

The Security Service of Ukraine (SBU) launched an investigation, exploring the possibility of Russian special forces playing a role in the hack attack. An SBU team was dispatched to Kyivstar's headquarters to initiate the investigation and documentation process.

Russia's embassy in Washington chose to remain silent when approached for comment.

Cyber experts claim state-supported Russian hackers initiated a series of cyber attacks, aiming to weaken Ukraine's defense by targeting its critical infrastructure, conducting air raids, and physical attacks. Independent analysts indicate that assessing the effects of such cyber attacks is challenging in this politically tense situation. However, they also confirm Ukraine's cyber protective measures demonstrated substantial resilience.

In early February 2022, Russian troops invaded Ukraine, and hackers interfered with Viasat services, a satellite company often utilized by the Ukrainian military. The Biden administration accused Russia and later Moscow vehemently denied its involvement in the cyber attacks.

Victor Zhora, a former high-ranking Ukrainian cyber official, commented on the Viasat attack, asserting its impact was minimal. Zhora faced investigation under allegations of corruption in Ukraine's Special Communications and Information Protection Service, a charge he denies.

Many individuals in Ukraine reported mobile service interruptions, and some shared that their friends and relatives experienced similar issues. Taras Vasyliv, an employee from the Ukrainian power grid company, needed to rely on Wi-Fi to manage his phone communication. He intended to acquire a SIM card from another mobile operator to maintain mobile services.

Reporting: Victoria Butenko, Svitlana Vlasova, and Benjamin Brown, CNN

Additional Reading:

Enrichment:

The latest details surrounding the significant cyber attack on Ukrainian mobile operators point to an attack carried out by Ukrainian intelligence hackers from the Main Intelligence Directorate (HUR) of Ukraine's Defense Ministry against MegaFon, one of Russia's largest mobile and internet operators. Some key facts include:

1. Attack Details:
2. The attack took place on January 24, 2025, and resulted in widespread disruptions not only for MegaFon but also affected other telecom and internet operators like Yota and NetByNet.
3. The disruptions led Russians to temporarily lose access to various services such as Steam, Twitch, and Discord, which were extensively utilized by the country's military and intelligence services.
4. Impact on Services:
5. Residents of Moscow, St. Petersburg, and other central regions of Russia experienced issues with mobile and internet services.
6. Roskomnadzor, the Russian communications watchdog, confirmed MegaFon's disruption, attributing it to a "successful carpet DDoS attack."
7. MegaFon's Response:
8. Despite claims of "normal operation," MegaFon acknowledged potential access issues related to factors beyond their control.
9. Potential Implications:
10. The attack underscores the ongoing cyber warfare between Ukraine and Russia, with significant implications for critical infrastructure.
11. The disruption of mobile and internet services can impact communication, commerce, and daily life in regions heavily reliant on such services.
12. Context in Cyber Warfare:
13. This attack is part of a broader pattern of cyberattacks and counterattacks in the ongoing conflict between Ukraine and Russia.
14. Other recent incidents include Russian state-aligned threat actors targeting secure messaging applications like Signal and WhatsApp to monitor Ukrainian military and government officials.
15. Critical Infrastructure Vulnerability:
16. The attack highlights the vulnerability of critical infrastructure to cyber threats. In the context of Ukraine, repeated attacks on key infrastructure have intensified, leaving Ukraine's electrical grid 70% reliant on three complexes of nuclear reactors, which are increasingly under threat from grid instability.

In summary, the cyberattack on MegaFon and other Ukrainian mobile operators is a significant escalation in the ongoing cyber warfare between Ukraine and Russia, with potential implications for critical infrastructure and broader stability in both countries.