Attack on Ukraine's Kyivstar Telecom Company Started with a Compromised Employee Account

The Russian cyberattack on the Kyivstar telecom operator in Ukraine was devastating, leaving millions of people with no Internet or phone connection. Kyivstar's CEO, Oleksandr Komarov, explained how the attack was possible in the first place.

Attacks on critical infrastructure are easy to pull off and, since the beginning of the Russian–Ukrainian conflict, it has happened a few times on both sides. The Kyivstar cybersecurity attack affected more than 24 million people, but what set it apart was that attackers focused on destroying infrastructure, including servers and networks.

Compromising the network of a telecom company is no easy feat, as the systems are usually very well protected. A direct approach is much more complicated than going after the human element in the cybersecurity equation, and this is exactly what happened.

According to a Recorded Future News report, Oleksandr Komarov explained at. Kyiv cybersecurity conference how the attack was possible and why it had such a significant impact.

It turns out the attackers managed to compromise an employee account somehow, then they used their newfound access to slowly work their way up until they reached Active Directory. At this point, they had full access to the systems.

Because of the destructive effects of the attack, one working theory was that the attackers started to work from the inside, but it looks like that's not the case.

"There isn't sufficient evidence to suggest that the network was compromised from the inside. We've seen how hackers navigated through the network, escalating their privileges. If they had an insider, it could have been done much more quickly," said Illia Vitiuk, head of the Department of Cyber and Information Security of the SSU, during the same conference.

Kyivstar's CEO also explained that one of the attackers' goals was to destroy physical infrastructure, meaning that more than 100,000 base transceiver stations could have been damaged.