{
	"id": "1e766ef0-ed91-4afa-af3c-7df36b5e6a55",
	"created_at": "2026-04-06T00:21:59.991088Z",
	"updated_at": "2026-04-10T13:12:02.970462Z",
	"deleted_at": null,
	"sha1_hash": "c53aae75ff71e30bfbadff48f9c51547a66e2a24",
	"title": "Russian hacker group claims responsibility for Kyivstar cyberattack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1733498,
	"plain_text": "Russian hacker group claims responsibility for Kyivstar\r\ncyberattack\r\nBy Martin Fornusek\r\nPublished: 2023-12-13 · Archived: 2026-04-05 17:58:48 UTC\r\nDecember 13, 2023 6:19 pm\r\nA Kyivstar building in Kyiv, Ukraine, on Dec. 25, 2012. (Wikimedia Commons/Maksym Kozlenko)\r\nA Russian hacker group claimed responsibility for the recent cyberattack against Ukraine's leading phone\r\noperator, Kyivstar, the Security Service of Ukraine (SBU) reported on Dec. 13.\r\nUkraine came under a massive cyberattack on Dec. 12, which targeted Kyivstar and one of the country's largest\r\nbanks, Monobank. People across the country reported internet and network outages, as well as issues with air raid\r\nalerts.\r\nWork to restore services is underway, and the home internet is expected to be fixed later on Dec. 13, the SBU said.\r\nThe restart of phone connection and phone internet services is planned for the same day.\r\nAccording to Ukraine's security service, the hacker group allegedly responsible for the attack is under the\r\ncommand of Russia's military intelligence agency, the GRU.\r\nRussia has been repeatedly accused of backing cyber-crime groups in attacks against its rivals. Moscow has also\r\ndeployed its cyber capabilities against Ukraine, including attacks on government institutions, the defense sector,\r\nand energy infrastructure.\r\nAlthough the SBU did not specify the group's name, a Russian hacker group called Solntsepek claimed\r\nresponsibility for the attack against Kyivstar in a statement published on Telegram earlier on Dec. 13.\r\n\"We attacked Kyivstar because the company provides communications to the Armed Forces of Ukraine, as well as\r\ngovernment agencies and law enforcement agencies of Ukraine,\" the group wrote on social media.\r\nSolntsepek claimed that its attack had \"destroyed\" 10,000 computers, over 4,000 servers, and all cloud storage and\r\nbackup systems.\r\nKyivstar denied that any computers or servers had been destroyed. The company also noted that subscribers'\r\npersonal data remains safe.\r\nThe SBU, however, acknowledged that the attack resulted in critical damage to Kyivstar's digital infrastructure.\r\nAccording to dev.ua, Solntsepek has carried out hostile activities against Ukraine in the past, which included\r\nrevealing the personal details of Ukrainian soldiers.\r\nUkraine's cyber defense agency connected Solntsepek to Sandworm, a hacker group run by the GRU.\r\nSource: https://kyivindependent.com/sbu-russian-hacker-group-reponsible-for-kyiv-star-cyberattack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://kyivindependent.com/sbu-russian-hacker-group-reponsible-for-kyiv-star-cyberattack/"
	],
	"report_names": [
		"sbu-russian-hacker-group-reponsible-for-kyiv-star-cyberattack"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2b45a355-6d1d-44d8-8bc3-20c17e30757d",
			"created_at": "2023-12-21T02:00:06.092349Z",
			"updated_at": "2026-04-10T02:00:03.501337Z",
			"deleted_at": null,
			"main_name": "Solntsepek",
			"aliases": [],
			"source_name": "MISPGALAXY:Solntsepek",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434919,
	"ts_updated_at": 1775826722,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c53aae75ff71e30bfbadff48f9c51547a66e2a24.pdf",
		"text": "https://archive.orkl.eu/c53aae75ff71e30bfbadff48f9c51547a66e2a24.txt",
		"img": "https://archive.orkl.eu/c53aae75ff71e30bfbadff48f9c51547a66e2a24.jpg"
	}
}