14 December 2023

Hackers breached Kyivstar through a compromised employee account



Ukraine’s largest mobile carrier Kyivstar is slowly restoring services following a massive hacker attack that its CEO, Oleksandr Komarov, described as “the biggest cyberattack on telco infrastructure in the world.”

Kyivstar has around 24 million mobile subscribers and more than 1.1 million home Internet users and is also a vital backbone for thousands of private businesses and many digitized state services. The mobile operator was hit with the cyberattack on December 12, with people across Ukraine reporting internet and network outages, as well as issues with air raid alerts. The attack reportedly damaged the company’s IT infrastructure.

Kyivstar said that services will be restored step by step.

“We will not turn on the voice (services) all over the country at the same time. We will go step by step to make sure that the services which were rebuilt work stably, that they can withstand the load and we can move on to restore mobile internet services,” Komarov said in an interview.

Komarov explained that the intruders gained access to the company’s internal network through the compromised account of one of its employees. The likely goal of the attack, according to Komarov, was to destroy Ukraine's critical infrastructure and sow discord among citizens.

The company is working closely with the Security Service of Ukraine, as well as Microsoft, Cisco and Ericsson, to investigate the incident and restore services.

Two hacker groups have claimed responsibility for the hack: Killmilk and Solntsepyok (which can be roughly translated into English as ‘sun-scorch’). Solntsepyok is believed to be a front for a well-known Russian hacking group dubbed “Sandworm”, which is associated with Russia’s GRU military intelligence agency and has been relentlessly targeting Ukraine, including its energy sector, with multiple data-wiping malware since the beginning of the Russian invasion.

While Killmilk didn’t provide any proof of their claims, Solntsepyok shared screenshots showing alleged access to Kyivstar’s servers. The group said it destroyed more than 10,000 computers and 4,000 servers in the attack against Kyivstar, including its cloud storage and backup systems. However, the company refuted the claims and stressed that customer data was not compromised.
