Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May of last year in a cyber attack that should serve as a "big warning" to the West, Ukraine's cyber spy chief has said.
The hack, one of the biggest since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from 12 December last.
In an interview, head of the Security Service of Ukraine's (SBU) cyber security department, Illia Vitiuk, disclosed details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence.
"This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said.
He noted Kyivstar was a wealthy, private company that invested a lot in cyber security.
It is the biggest of Ukraine's three main telecoms operators and there are some 1.1m Ukrainians who live in small towns and villages where there are no other providers.
The attack wiped "almost everything", including thousands of virtual servers and personal computers.
"For now, we can say securely, that they were in the system at least since May 2023," Mr Vitiuk said.
"I cannot say right now, since what time they had ... full access: probably at least since November."
The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and possibly steal Telegram accounts with the level of access they gained.
A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed."
Mr Vitiuk said the SBU helped Kyivstar restore its systems within days and to repel new cyber attacks, of which he said that there were a number of attempts.
He said the attack had no big impact on Ukraine's military, which did not rely on telecoms operators and made use of what he described as "different algorithms and protocols".
Mr Vitiuk said he was "pretty sure" it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyber attacks in Ukraine and elsewhere.
Russia's defence ministry did not respond to a request for comment on the remarks.
