Ukrainian authorities have detained a “hacker” who was allegedly helping the Russian military send instructions via mobile phone networks to its troops, Ukraine’s SBU security service said Tuesday.
The suspect, whom the SBU did not identify, was accused of being on “thousands” of phone calls to Russian officials, including senior military officers and of sending text messages to Ukrainian officials suggesting that they surrender. The equipment seized was used to route Ukrainian mobile phone traffic to Russian networks, according to Victor Zhora, a senior cybersecurity official in the Ukrainian government.
It’s the latest development in the ongoing battle for communications networks in Ukraine as the Russian military continues to shell the capital of Kyiv. From Moscow to the front lines of the war in Ukraine, the ability to communicate to troops and citizens alike has been contested by suspected Russian and pro-Ukrainian hackers.
Hackers last week caused outages at a Ukrainian internet service provider Triolan, which has customers in major cities. Triolan blamed “the enemy,” a reference to Russia, but did not provide evidence supporting that claim.
Carmine Cicalese, former chief of cyberspace and information operations at US Army headquarters, said functional mobile phone networks are of particular importance to non-military personnel in Ukraine who are taking up arms against Russia and who do not have access to tactical communications equipment.
More broadly, in war the ability to be able to communicate with friends and family is “vital to maintaining morale,” Cicalese, who is now president of cybersecurity firm Cyber Cic, LLC, told CNN.
In a separate incident, satellite modems that provide internet service for tens of thousands of customers in Europe, including some in Ukraine, were taken offline in a cyberattack on February 24, around the time that Russian forces began attacking Ukraine, an official from the US telecommunications provider Viasat, which owns the affected network, told CNN.
Zhora, the Ukrainian official who works at the State Service of Special Communications and Information Protection, told reporters Tuesday that the satellite hack “was a really huge loss in communications in the very beginning of the war.”
The hack of the Viasat satellite network was a “deliberate, isolated and external cyber event” that a third-party cybersecurity firm and “government partners” are investigating, Viasat said in a statement.
Chris Phillips, spokesperson for Viasat, told CNN in an email that the KA-SAT, the Viasat satellite network targeted in the hack, had been “stabilized.” Phillips declined to specify how many customers had been affected by the incident, calling it a “partial outage.”
Reuters first reported on the scope of the Viasat hack and the US investigation.
The US government is investigating the hack of Viasat as a potential Russian state-sponsored cyberattack, a US official familiar with the matter told CNN.
The US National Security Agency is “aware of reports of a potential cyber-attack that disconnected thousands of very small-aperture terminals that receive data to and from a satellite network,” an NSA spokesperson told CNN. “We continue to work with interagency partners and Allies to assess the scope and severity of the incident and make available any relevant expertise we possess.”