Cybersecurity experts are actively discussing the consequences of a massive hacker attack on Kyivstar's infrastructure, which brought down both its mobile and fixed networks.
Olexander Kardakov, owner of Octava Defence, writes on Facebook: “Judging by the scale, the attack was carried out from within the network. They connected from Kyiv or Amsterdam (VEON) – let the relevant authorities decide.”
Conclusions after a cyber attack
In his opinion, the cyber attack was carefully prepared. The hackers had all the data about the network’s internal structure and access to its various parts, including backups. It was a team of more than 10 people who could use specially created software.
“The way the threat was “noticed” and the subsequent crisis management was absolutely amazing! They were unpleasantly impressed,” says Kardakov.
He draws the following conclusions:
- Cyber security is not only protection from the outside, but also from the inside.
- Backups are also stored on separate media (the so-called air-gap).
- And most importantly – people. According to the expert, in recent years, the last technical specialists who actually understood how everything is built and works were fired at Kyivstar. They were replaced by “good presenters”.
Trace of the owners
Other users are actively commenting on Kardakov's post. Some believe that a “deliberate erasure of data” took place, and that it could have been carried out by Kyivstar's actual owners, who have a Russian footprint.
“Dopiz@ilis – Fridman and co cleaned everything up. Cyber security does not help from the masters. Now the urgent question is who and what they pissed off and what to do about it,” says Mykhailo Komisaruk, owner of Ukrnet.
“That’s how Maratovych (Fridman Mykhailo Maratovych – G.B.) was driven to Mozhai. Since November, he was forced to return to the Russian Federation. Maybe he pressed the Big Red Button. And it is also possible that this was a condition for his painless return,” writes Aleksandro Romanini, who has since deleted the account. “It should also not be forgotten that terabytes of data passed through the CS servers, including critical Plus Halsey. Therefore, it was necessary to understand that Maratovych controlled the critical infrastructure of the state. And it was, at the very least, short-sighted to chase him around all corners. But who thought about that. As always, it is not the time to think. The rake is our everything.”
Also, Ihor Shevchenko, the head of the “Uspishna Ukraine” charitable foundation, believes that “with a high probability, this is a diversion by the Russian special services with the assistance of the Russian owners of KS, who still control the company.”
Another version points to the involvement of the company’s employees, whether deliberate or through insufficient knowledge.
“Often, after the system is set up and working perfectly, company management has a “genius” idea about optimizing IT expenses. After all, from now on, it seems that Enikei is enough for them,” writes system administrator Mykola Solonin.
“It is very unfortunate, but this is a trend in everything. Management believes that if the system is working, then a troubleshooter is not needed. But it doesn’t understand that the system works thanks to these specialists,” Vitaliy Medvedyk notes.
Igor Khodorovskyi adds: “The employees themselves put in the money. Or just turned off the toggle switch…. and that’s all… The barn burned down – the mountains and the house…”
Be that as it may, Kyivstar's specialists are today making titanic efforts to fully restore the network. We wish them success, and we wish the SBU success in dealing with all possible traces left in the course of the cyber attack.