Ukrtelecom, a major mobile service and internet provider in Ukraine, was hit by a cyberattack. 

The internet provider said it was working to restore internet services after neutralizing the threat. In a statement, the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine said, “Today, the enemy launched a powerful cyberattack against Ukrtelecom’s IT infrastructure.”

According to internet service tracker NetBlocks, real-time network data showed the cyberattack left network data connectivity “collapsing to 13% of pre-war levels.” NetBlocks called the cyberattack a “nation-scale disruption to service, which is the most severe registered since the invasion by Russia.”

To preserve its network infrastructure and continue to provide services to Ukraine’s Armed Forces and other military formations as well as to the customers, Ukrtelecom temporarily limited providing its services to the majority of private users and business clients, the SSSCIP said. 

Toby Lewis, Head of Threat Analysis at cybersecurity AI company Darktrace, says it is no surprise that a major internet provider has been targeted. “Interrupting telecommunication infrastructure is expected practice for a military invasion and carries greater significance in a war being dubbed ‘World War Wired.’ 

Lewis explains that the available network activity appears to show a gradual decline in connectivity rather than a cliff-edge drop typical of distributed denial of service (DDoS) or a ransomware attack at the core of the network, which suggests that this is a supply chain attack where endpoint devices such as home routers are slowly being taken out, he says. Lewis points to a similar attack on ViaSat on the day of the invasion itself and previously with the Solarwinds Orion campaign, where the real damage only occurred after updates or malicious configuration changes were pushed out to customers.

“Supply chain attacks like these are what keep digital defenders awake at night,” Lewis adds. “Global supply chains mean that those with criminal intent have many points of vulnerability that may be tested in the pursuit of compromising sensitive systems or equipment. The urgent challenge that must be solved is getting better visibility of what is going on across complex digital infrastructures and identifying and interrupting real security problems as they occur, and before it disrupts operations.”