“Double strike”: hackers attacked Kyiv before the missile arrival

The Russian strike on military targets in Kyiv on the night of December 13, judging by reports from the field, turned out to be very effective. Military analysts drew attention to the fact that the night attack was preceded by a major cyber attack, which not only “put down” the Internet in Ukraine, but also paralyzed the activities of military infrastructure facilities.

Former law enforcement officer and cyber policeman Igor Bederov, in a conversation with MK, told how a cyber attack could affect the activities of the Armed Forces of Ukraine, as well as the large army of Ukrainian Internet scammers.

Hackers of the international group Solntsepek took responsibility for the cyber attack against the largest telecom provider in Ukraine, Kyivstar. Despite the fact that the provider hid the consequences of the attack as best he could, the traffic of Internet connections fell almost to the bottom for a long time. According to some estimates, the internal network infrastructure of the telecom provider, which provides communications not only to millions of subscribers, but also to the Ukrainian Armed Forces, was destroyed.

Well, then, on the night of December 13, the Russian Aerospace Forces attacked several military targets in Kyiv. The warning system was turned on after the first missile arrivals, which were recorded in the Dnieper, Darnitsky and Desnyansky districts of Kyiv. A number of infrastructure facilities were damaged.

Military analysts believe that the success of the night strike was largely facilitated by the cyber attack carried out the day before, which disrupted, among other things, some of the combat command and control systems of the Armed Forces of Ukraine. As a result, in a number of regions the Internet was cut off for a long time and the warning system stopped working. The work of the banking system was paralyzed; some ATMs, information and payment terminals, as well as POS terminals belonging to the Ukrainian Oschadbank stopped working.

Hackers from the Solntsepek group on Wednesday, December 13, reported in their channel the destruction of ten thousand computers, more than four thousand servers and cloud storage and backup systems in Ukraine. “We attacked Kyivstar because the company provides communications to the Ukrainian Armed Forces, as well as government agencies and law enforcement agencies of Ukraine. The rest of the offices helping the Armed Forces of Ukraine, get ready! PS Special thanks to the caring employees of Kyivstar,” the hackers said.

Digital security expert Igor Bederov told MK that he has no doubt about the effectiveness of the hacker attack.

– The fact is that reports immediately appeared that various call centers and Internet scammers from Ukraine, which were mainly focused on working in Russia, stopped working.

– How could the attack be organized?

– Most likely, there was some kind of intrusion into the SS7 cellular network management system. This is a data transmission system that is tied to a network infrastructure. The network infrastructure was damaged, making it impossible to provide data services, possibly a cellular signature, over public networks over GSM networks.

– Hackers from the Solntsepek group say that they attacked Kyivstar because the company worked for the Ukrainian Armed Forces. Did the attack affect command and control?

– I think it did. Despite the fact that the Ukrainian military actively uses the Starlink network for coordination and communication, many actions, in particular data transfer, are still carried out using instant messengers – Telegram, Signal, and so on. And they are all connected to cellular communications, and without it, all of them, of course, will function extremely poorly. So, of course, there will be some interruptions in the information transmission system.

– Hackers promised many surprises in the future. What kind of surprises could these be?

– There are a lot of options. As a rule, “holes” are created in the network infrastructure security system. It is possible that vulnerabilities have already been created with an eye to future cyber attacks. For example, they can be used to spread viruses across a telecom operator’s network.

– How quickly will the Kiev operator recover from a cyber attack?

“This kind of attack usually lasts three days, no more.” The fact is that this is not the only operator. There are plenty of other operators and providers out there.