Initial Thoughts on the Kyivstar Hack
https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/
In some ways this looks like a destructive attack similar to the VIASAT hack at the start of the war. But it differs in far more significant ways.
In similarities, the hack has some military implications: firstly a lot of air raid warning systems are now offline, and secondly a lot of Ukrainian military communications is done over mobile phone.
The attack won’t be as damaging to military communications as the VIASAT hack. Ukraine’s mobile telecommunications systems have been configured for increased resilience to disruption.
The three carriers all accept customers from other networks so if there is any signal from any network at all, people can make phone calls and get internet.
That said, Kyivstar is the top carrier in Ukraine. It has 26m subscribers, almost as many as the other two carriers (Vodafone 19m and Lifecell 9m) combined.
Disrupting Kyivstar means 50% of mobile subscribers lose their main carrier. Half of the country’s mobile telephony infrastructure is offline. This will cause congestion and overloading on the remaining carriers’ networks.
This sort of attack shapes the battle space and creates conditions that can be exploited. For example, I would think that the front lines and the ISR (intelligence, surveillance, reconnaissance) drone operators will have less bandwidth to communicate with artillery and other support elements. This will decrease their operational capacity and reduce their defensive capabilities.
It isn’t clear yet whether this attack was coordinated with any other actions. I would expect some attempt to exploit this, otherwise it is just adding friction to daily life for a short time. Unpleasant, but not strategically significant.
Maybe they are literally just trying to make people’s lives miserable?
It is worth keeping an eye out to see if there are further attacks on telcos. Taking down all of the telecom providers would be an effective attack. Sure, mobile internet isn’t the critical component of military communications… but it is damn hard to run a modern war without a data link.
Posted by thegrugq@infosec.exchange
@thegrugq It would be incredibly naive to think that a nation state actor is not behind this attack (duh, we all know who it is), especially after Ukraine has been RU's "cyber test kitchen" for years. I also agree with "trying to make people's lives miserable", since losing access to communication on such a scale has an effect on morale.
Posted by 0xamit@infosec.exchange
@thegrugq One could also speculate that it is retaliation for this breaking story: https://www.bleepingcomputer.com/news/security/ukrainian-military-says-it-hacked-russias-federal-tax-agency/
Apparently this happened 4 days ago, so it would fit a timeframe where the Russians had an exploit ready and triggered it as a response.
On the other hand, the fog of war...
Posted by falschgold@mastodon.social
@thegrugq IIRC there was a long interview with, I think, Illia Vitiuk around 2-4 months ago on one of my main podcast feeds, so probably with Dmitry A, or maybe WarOnTheRocks, where he pointed out that even taking down the smallest carrier early in the war had a domino effect on congestion on the rest. So an extreme impact of the effect you describe here. He saw that as the most impactful of the topics discussed in that interview.
I expect the remaining telcos would force users to lower bandwidth, so force users to chat vs audio/video to maintain widespread availability, but it would be hugely crippling, especially if users sidestep port blocking with VPNs, etc.
Posted by secureisd@infosec.exchange
@thegrugq Yesterday the Russians fired ten surface-to-air missiles at Kiev. These can be configured to strike the ground, but they have no guidance, meaning they land in a random spot in the general area. This missile doesn't follow the typical ballistic trajectory, so it couldn't be used to fish out air defenders.
So what other reason could it be, other than to make people's lives miserable?
Posted by egorFiNE@mastodon.social
@thegrugq What's totally unclear to me is this.
Imagine you've got access that deep into an adversary's provider. Would you rather nuke the infra just once or snitch the data forever?
Posted by egorFiNE@mastodon.social
@egorFiNE exactly. This makes no sense unless you value causing friction to daily life for a short period of time as more important than any military or strategic advantage that could be gained.
The opportunity cost here is — some tactical advantage that could be exploited during an offensive, or something… and the strategic advantage of having calling data, messages, and geolocation data for 50% of the country!
So, the question becomes, what drove the decision? A rational calm assessment that says “making Ukrainians miserable is the most critical objective for this phase of the war”… or is it internal politics, such as Putin saying “now all the armed forces will do attacks against civilian infrastructure.” And so the cyber guys just said, “well, we must do something, this is something, we must do this.”
Idk. I've got a longer write-up I should finish.
For now I expanded my thoughts on Twitter. Thread begins here:
https://x.com/thegrugq/status/1734847340903837710
Posted by thegrugq@infosec.exchange
@thegrugq
> well, we must do something, this is something
Being an insider in the UA telco... the more I think of it, the more I believe it looks like that is the case here.
Posted by egorFiNE@mastodon.social