A woman walks past a store of Ukraine's telecommunications company Kyivstar, amid Russia's attack on Ukraine, in Kyiv, Ukraine, 12 December 2023; Credit: Reuters/Alina Smutko

KYIV (Reuters) - Ukraine's biggest mobile network operator said it hoped to restore operations by Wednesday 13 December 2023, after coming under what appeared to be the largest cyberattack since Russia launched its war on the country in February 2022.

The attack on Kyivstar on Tuesday 12 December 2023, which has more than half of Ukraine's population as mobile subscribers, knocked out services, damaged IT infrastructure and put millions of people in danger of not receiving alerts of potential Russian air assaults.

It also disrupted the air raid alert systems themselves in parts of Kyiv.

The company's Chief Executive Officer Oleksandr Komarov said the attack was "a result of" the war with Russia.

"War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war," he told national television.

"[The attack] significantly damaged [our] infrastructure, limited access, we could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy's access."

Komarov did not say which Russian body he believed to be responsible but said personal data of users had not been compromised.

Russian hacktivist group Killnet claimed responsibility for the attack via a statement on the Telegram messaging app, but did not provide evidence.

A source close to Kyivstar said the Ukrainian military was not affected by the outage.

Ukraine's SBU intelligence agency told Reuters one of the possibilities it was investigating was that of a cyber-attack conducted by Russian security services.

Russia's foreign ministry did not immediately respond to a request for comment.

Kyivstar, which has 24.3 million mobile subscribers, as well as more than 1.1 million home internet subscribers, said late on Tuesday that fixed-line services were partially restored and it was working to restore other services by Wednesday.

"This isn't the first attempt to breach the perimeter of the country's telecom operator, but unfortunately, this attempt has been successful," Komarov told Forbes Ukraine.

State actor

A source close to Ukraine's cyber defence agency also said that Russia was suspected to be the source of the attack, but no specific group had been identified.

"It's definitely a state actor," said the source, who asked not to be identified because of the sensitivity of the issue, adding that data cable interception showed "a lot of Russian controlled traffic directed at these networks".

"There's no ransom. It's all destruction. So it's not a financially motivated attack," said the source.

Komarov told Forbes Ukraine that Kyivstar's "working hypothesis" was that the goal of the attack was destruction and disruption.

"Perhaps it was aimed at disrupting the president's visit to the United States, perhaps to aggravate energy blackouts, or impact the morale of Ukrainians," he said.

President Volodymyr Zelensky was in Washington on Tuesday, pleading for more US military support to fight Russia.

Ukrainian officials said air raid alert systems in more than 75 settlements in Kyiv region, which surrounds the capital, were affected by the cyberattack and they would announce aerial danger through loudspeakers until repair works done.

Millions of Ukrainians depend also on phone alerts to warn them of possible Russian air attacks.

In Kyiv, some people rushed to connect to other network providers and a small queue of customers formed at a store for Vodafone, Kyivstar's largest competitor.

One man who bought a new SIM was 25-year-old PR consultant Dmytro. "My connection has completely disappeared, my internet and my satellite navigation aren't working, I can't move around the city," he said.

Kyivstar, owned by Amsterdam-listed mobile telecoms operator Veon, said in a statement on Facebook it was cooperating with law enforcement bodies.

Veon said it was also investigating the attack and it could not yet quantify the financial impact.

Separately, the co-founder of Monobank, a major Ukrainian payment system, said in a social media post that his company was currently suffering a distributed denial of service (DDoS) attack, but that everything was "under control". He subsequently said that attack had been fought off.

Representatives of PrivatBank and Oschadbank, two major Ukrainian financial institutions, told media outlet Hromadske that some of their ATMs and card terminals had been affected by the Kyivstar outage.

Ukrainian state bodies and companies have often accused Russia of orchestrating cyberattacks against them in the past.

At the war's outset, a cyberattack hit Viasat Inc, disabling thousands of satellite internet modems across Europe and causing a huge loss in communications for Ukraine.