Ukraine's national telecoms operator suffers cyberattack

Ukrtelecom, a major mobile service and internet provider in Ukraine, was hit by a cyberattack.

The internet provider said it was working to restore internet services after neutralizing the threat. In a statement, the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine said, “Today, the enemy launched a powerful cyberattack against Ukrtelecom’s IT infrastructure.”

According to internet service tracker NetBlocks, real-time network data showed the cyberattack left network data connectivity “collapsing to 13% of pre-war levels.” NetBlocks called the cyberattack a “nation-scale disruption to service, which is the most severe registered since the invasion by Russia.”

To preserve its network infrastructure and continue to provide services to Ukraine’s Armed Forces and other military formations as well as to the customers, Ukrtelecom temporarily limited providing its services to the majority of private users and business clients, the SSSCIP said.

Toby Lewis, Head of Threat Analysis at cybersecurity AI company Darktrace, says it is no surprise that a major internet provider has been targeted. “Interrupting telecommunication infrastructure is expected practice for a military invasion and carries greater significance in a war being dubbed ‘World War Wired.’

Lewis explains that the available network activity appears to show a gradual decline in connectivity rather than a cliff-edge drop typical of distributed denial of service (DDoS) or a ransomware attack at the core of the network, which suggests that this is a supply chain attack where endpoint devices such as home routers are slowly being taken out, he says. Lewis points to a similar attack on ViaSat on the day of the invasion itself and previously with the Solarwinds Orion campaign, where the real damage only occurred after updates or malicious configuration changes were pushed out to customers.

“Supply chain attacks like these are what keep digital defenders awake at night,” Lewis adds. “Global supply chains mean that those with criminal intent have many points of vulnerability that may be tested in the pursuit of compromising sensitive systems or equipment. The urgent challenge that must be solved is getting better visibility of what is going on across complex digital infrastructures and identifying and interrupting real security problems as they occur, and before it disrupts operations.”

Maria Henriquez joined Security Magazine in 2019 as its Associate Editor. Since then, she has been covering the security industry and reporting on issues affecting enterprise security leaders, to include cybersecurity, leadership and management, risk and resilience and pressing security challenges facing the industry.

Service reliability underpins every modern business. Without reliable services, organizations cannot build the trust required to keep their customers loyal or free up time to focus on product innovation and differentiation.