Kyivstar Denies SBU Claims: Hackers Did Not Have Months-Long Access to Systems
Ukraine’s largest mobile operator Kyivstar has publicly disputed claims made by the Security Service of Ukraine (SBU) regarding the duration and extent of a major cyberattack that crippled the company’s services in December 2023. The telecommunications giant stated that its internal investigation found no evidence supporting assertions that hackers maintained access to its systems for several months prior to the attack. Furthermore, the company emphasized that no customer personal data was compromised during the incident, contradicting earlier suggestions of a more extensive breach.
The massive cyberattack on Kyivstar, which serves approximately 24 million subscribers in Ukraine, caused widespread disruption on December 12, 2023. Millions of Ukrainians were left without mobile communication, internet access, and related services for several days during one of the most significant cyber incidents in the country’s history. The attack affected not only individual users but also critical infrastructure, payment systems, and businesses that relied on Kyivstar’s network. Air raid warning systems in some regions were temporarily compromised, highlighting the serious national security implications of the attack.
The SBU had previously announced that Russian military intelligence hackers had penetrated Kyivstar’s systems as early as May 2023, maintaining persistent access for approximately seven months before launching their destructive attack. According to the security service, the hackers used this extended access period to map the company’s infrastructure and prepare for maximum impact. The SBU attributed the attack to the Sandworm hacking group, which is believed to be affiliated with Russia’s GRU military intelligence agency and has been responsible for numerous high-profile cyberattacks against Ukraine and other countries.
However, Kyivstar’s own forensic investigation has reached different conclusions. Company representatives stated that their technical analysis, conducted in cooperation with international cybersecurity experts, did not confirm the multi-month intrusion timeline suggested by Ukrainian authorities. The operator maintained that the attack, while devastating in its immediate impact, did not result in the exfiltration of subscriber information, including personal details, call records, or financial data. This assessment is crucial for the company’s reputation and its obligations under data protection regulations.
The discrepancy between the SBU’s public statements and Kyivstar’s findings highlights the complexity of attributing and analyzing sophisticated cyberattacks. Forensic investigations of major breaches often yield different interpretations depending on the methodology used and the evidence available to different parties. Cybersecurity experts note that determining the exact timeline of an intrusion can be challenging, particularly when attackers employ advanced techniques to cover their tracks or when system logs have been destroyed during the attack itself. The Sandworm group is known for its sophisticated operational security and ability to maintain long-term presence in compromised networks.
The Kyivstar incident fits into a broader pattern of intensified Russian cyber operations against Ukrainian infrastructure since the full-scale invasion began in February 2022. Ukraine has faced thousands of cyberattacks targeting government systems, energy infrastructure, financial institutions, and telecommunications providers. The country has become something of a testing ground for Russian cyber capabilities, with attacks often coordinated with kinetic military operations. International partners, including the United States and European Union members, have provided significant assistance to bolster Ukraine’s cyber defenses and incident response capabilities.
Kyivstar, which is owned by the Dutch-based telecommunications company VEON, has invested heavily in restoring and strengthening its network security following the December attack. The company reported that it successfully restored services within days of the initial disruption, though the full recovery process took considerably longer. The operator has implemented additional security measures and is working with government agencies and international partners to prevent future incidents. The conflicting narratives between Kyivstar and the SBU regarding the attack’s specifics may eventually be resolved through continued investigation, though full details of such sensitive security matters are unlikely to be publicly disclosed.
