The cyberattack on Ukrainian telecommunications company Ukrtelecom took place in two stages.
According to Ukrinform, this was reported on Telegram by the press service of the State Service of Special Communications and Information Protection of Ukraine.
The first stage was the reconnaissance (discovery) phase. This attack was carried out from a part of Ukrainian territory that had recently been temporarily occupied by the Russians. The hackers used a compromised account of a company employee for reconnaissance. In this first phase, they also tried to compromise other employee accounts.
During the cyberattack, the hackers tried to analyze how the provider’s IT infrastructure was arranged. Ukrtelecom’s SOC team quickly detected and eliminated this cyberattack.
The second stage was a cyberattack on March 28, in which hackers tried to take control of Ukrtelecom’s network and equipment, as well as to disable the company’s equipment and services. Attempts were made to change the passwords of company employee accounts, equipment and firewalls.
The second attempt to attack the infrastructure was detected within 15 minutes of its start, and Ukrtelecom’s IT specialists took immediate action against the cyberattack. Ukrtelecom temporarily restricted access to services for private users and businesses in order to protect critical information infrastructure and to maintain the provision of services to the country’s military and critical infrastructure. Network traffic dropped to 13% of its normal level.
On the evening of March 28, internet access was restored for customers. The next day, the services of Ukrtelecom became almost completely available to all consumers.
Ukrtelecom notified the State Special Communications Service of the cyberattack and worked in coordination with the service’s specialists while it was being eliminated. Both local and international partners of the provider, including Cisco, Microsoft and ISSP, were involved in eliminating the consequences of the cyberattack.
“The speed with which this cyberattack was eliminated testifies to the high flexibility of the network and the professionalism of the Ukrtelecom team,” said Viktor Zhora, Deputy Head of the State Special Service.
According to the current results of the investigation, user data was not damaged and its security was not violated as a result of the cyberattack. The investigation into the cyber incident continues. Currently, there are no indicators by which the cyberattack can be linked to a specific group of hackers.
“Ukrtelecom is constantly in the spotlight as part of Ukraine’s critical information infrastructure. Since the beginning of the invasion of Ukraine, we have seen an increase in the number of cyberattacks against our infrastructure. The attack that took place on March 28 was powerful and difficult,” said Kyrylo Honcharuk of Ukrtelecom.
As Ukrinform reported, a powerful hostile cyberattack was carried out on Ukrtelecom’s IT infrastructure on March 28. In order to protect the network infrastructure and continue to provide services to the Ukrainian Armed Forces, other military formations and critical infrastructure users, Ukrtelecom temporarily restricted its service delivery to most private users. On the same day, the attack was neutralized.