They’re fixing internet in bombed out buildings, finding rogue operators providing Russians with mobile connections and thwarting hackers. The telecom companies of Ukraine and their employees are being hailed as heroes in the war with Russia.
On the nervous streets of Kyiv, down the bombarded thoroughfares of Kharkiv, in the rubble-strewn ruins of Mauripol, in bomb shelters and basements and at blown out base stations, Ukraine’s internet technicians are busy. Their employers – whether giants serving half the country’s 40 million population like telecom company Kyivstar or smaller players such as Triolan, which provides service to about a million people – have seen digital infrastructure targeted by both rockets and hackers, flatlining equipment in the early days of Russia’s invasion and threatening connectivity throughout the following days and weeks.
Images sent to Forbes by Kyivstar show what the conditions are like. Despite obliterated terrain and internet wires, fire-blackened data centers, curfews, lack of light, and the danger of death from above, the fixers go out and turn the internet back on so Ukrainians can stay in touch with one another and get word out beyond borders, to illuminate for the world the darkness that’s descended on their nation. Their government calls them the “invisible heroes” of the war, entering dangerous places to replace and upgrade equipment.
As their technicians risk their lives to keep Ukraine online, once rival telecoms companies are coming together to help keep lines open. Last week, Kyivstar, Vodafone Ukraine and Lifecell launched “national roaming,” meaning subscribers could quickly switch to the network of other operators if their main provider went down.
They’re also helping law enforcement sniff out rogue operators who are helping Russians in the country stay connected. On Tuesday, the country’s security services said a “hacker” had been arrested for providing “the occupiers with mobile communications in Ukraine.” The authorities announced on Telegram the hacker had facilitated up to 1,000 calls in one day, many from Russian leadership in Moscow. According to one telecoms company source, this latest case was a twist on what’s known as “refiling” fraud, where the hacker can provide calls into Ukraine and hide the originating number, charging a fee to the caller and bypassing any blocks or additional charges from the telecoms provider. This was a common fraudster technique adapted for wartime, the telecoms employee said.
And while bombs are effective enough at wiping out connectivity, it’s clear Ukraine’s enemies have felt it necessary to employ hackers to try to knock citizens offline too. In recent days, Forbes has learned more about a sustained cyber operation targeting Ukraine’s telecoms providers. Last week, it emerged that systems at Triolan had been reset to factory settings as hackers hit for a second time, the first hit landing as Russia launched its assault on February 24. Both ended up causing outages, which persist through to today, though every day Triolan updates users on Telegram with its progress. On Tuesday, another 200 houses in Kyiv got their internet back, in Kharkiv 474. “Restoration work is being completed,” said a Triolan employee, who added “other providers also had problems, but we cannot assess the scale.”
Another small provider – Vinasterisk – had been targeted and suffered significant downtime earlier this month, according to NetBlocks, which has been tracking internet outages in Ukraine. (Forbes was unable to reach any Vinasterisk employee for comment.) Though it’s not yet been tied to the war in Ukraine, Viasat, which provides some satellite internet in the country, was hit by a cyberattack in late February that took down some of its services.
No other telecoms company has reported any serious deterioration of services from a cyberattack, however. Collectively, the companies have, for the most part, repelled the attacks, just as they’ve recovered quickly from physical destruction.
“There are ongoing attacks in telecommunications providers, with some in our estimation being potentially sourced from sophisticated actors,” said Matt Olney, director of threat intelligence at Cisco’s Talos cybersecurity division. Olney, whose team has been helping organizations in Ukraine with cyber defence over the last eight years since the Crimea annexation, added that “while it is difficult to provide full attribution at the pace of operations, there are elements of some of these attacks that make them more concerning: the level of stealth, demonstrated understanding of internal systems and architecture.
“So far the Ukrainian defenses seem to be handling things well with good coordination between targets and government support.”
Neither Ukraine government agencies nor the targeted internet providers have attributed the cyberattacks to a military or intelligence agency. Such is the occasional complexity – especially during a time of chaotic conflict – they were even tentative about pointing to Russia, though it would be the obvious suspect.
“No doubt our adversary tried to probe all internet service providers,” said Victor Zhora, deputy head of the State Service for Special Communications and Information Protection. They didn’t manage to cause any serious breach, however, Zhora added.
Telecoms companies are similarly bullish about fending off Russian hackers. “All modern wars are hybrid. Cyberattacks and deep fakes are the types of weapons today,” said Yuriy Prokopenko, director of cybersecurity at Kyivstar. His company is better resourced than most to fend off attacks with its last results in 2020 showing $850 million in revenue for the year. “Our company is able to respond to any kind of cyber threat. Moreover, since Russia began an invasion of Ukraine and the escalation of war, Kyivstar has taken serious additional measures to ensure cybersecurity.
“Today our employees successfully work remotely from different cities of Ukraine and other countries, using secure equipment and communication channels. The network is protected from any known and unknown cyber threats. Personal data of Kyivstar’s employees, as well as our subscribers and customers, are under reliable protection.”
Speaking later during a press conference, Zhora said, “This war is probably the first case in history when the importance of communications, of keeping them online, is so high. This probably explains why Ukraine continues to successfully resist this aggression.”
Just as it remains stoic and vigilant in the face of air strikes and shelling, Ukraine will have to keep its guard up in the cyber realm. There has been a collective bemusement at Russia’s withheld approach to the cyber side of its war. But attacks are ramping up. According to data released by cybersecurity company Check Point on Tuesday, average weekly attacks per organization in Ukraine, across all industries, has risen 20% since the beginning of the conflict.
And there may be overspill from the war. Attempted hacks of government organizations across the world have surged by 21%.