One of Ukraine’s major internet providers was hacked twice – once in February just as Russia was invading and again on March 9, a source says.
A major Ukrainian internet service provider says it was hacked twice. Sources tell Forbes that the first hack was in February, the second on March 9, and that the hackers managed to reset devices to factory settings.
In the last 24 hours, with Russia continuing its heavy bombardment across Ukraine, parts of the country have seen severe internet outages. One cause appears to be a cyberattack on telecoms provider Triolan, which serves a substantial number of users across the country.
Unverified reports circulated earlier today suggesting Triolan had been hit by an attack. Asked over Facebook if reports of a cyberattack were true, a spokesperson responded, “Yes, unfortunately, there are no details. Engineers are now working on restoring the Internet.” Three other sources within the company and a former cofounder of the business said a cyberattack had occurred, with one claiming some of Triolan’s internal computers had stopped working because the “attackers reset the settings to the factory level.” They added that recovery was proving difficult because some equipment required physical access to restore, which was not possible due to the risk of life to personnel.
“We haven’t been able to pinpoint the source of the problem and we can’t pinpoint anyone at fault,” the source added. Another added that the attack landed on March 9, when internet outages began.
A post on the company’s Telegram page revealed that the company had, in fact been hacked twice. A source within the company said the first hack hit on February 24 as Russia moved tanks into the country, with the second on March 9, and that they had much the same effect.
Triolan said “key nodes of the network” had been hacked and that some routers couldn’t be recovered. It said 70% of those nodes in Kyiv, Kharkiv, Dnipro, Poltava, Odesa, Rivne and Zaporizhia had been restored today.
There may be other reasons for disruption of telecoms at Triolan, given it is based in Kharkiv, which has been bombarded by Russian shelling. But a cyberattack on the internet service provider represents one of the more damaging hits in what has been a fairly muted cyber side to the Russian invasion of Ukraine. Other attacks on Ukraine included attempts to install malware that would wipe PCs and a number of distributed denial of service attacks, which flooded government and banking websites with traffic to knock them offline.
The effects of the outage will have been felt across its subscriber base. “Triolan is one of the top destinations for internet traffic in Ukraine from our perspective, so it is safe to say that there are likely thousands of Ukrainians that are affected by this outage,” said Doug Madory, director of internet analysis at Kentik, an internet monitoring company.
Data from the Internet Outage Detection and Analysis at the Georgia Institute of Technology showed a sudden drop off in connectivity for Triolan late Wednesday, which has continued throughout Thursday. NetBlocks, another global internet outage tracker, saw similar downtime.
Various outages across Ukraine have been caused by physical destruction of infrastructure. Wednesday saw “major internet disruption” registered across Kherson Oblast, in southern Ukraine, with downtime at providers Ukrtelecom and Volia.
Follow me on Twitter. Check out my website. Send me a secure tip.