Kyivstar, Ukraine’s Largest Mobile Operator, Is Hit by a Cyberattack

Ukraine’s largest mobile operator said it had come under a powerful cyberattack on Tuesday morning that knocked out service to millions of people.

The company, Kyivstar, said that the attack also affected internet access and that it was “unclear” when service would be restored. The interruption poses real danger in a country where many rely on phone alerts to warn them of impending Russian bombardments.

“We are working to eliminate the consequences of this attack to restore communication as soon as possible,” the head of Kyivstar, Oleksandr Komarov, said in a video statement, adding that users’ personal data had not been compromised.

While Mr. Komarov did not explicitly say who was responsible for the attack and there was no immediate claim of responsibility, the implication was clear.

“The war with Russia has many dimensions, and one of them is in cyberspace,” he said.

Ukraine’s domestic intelligence agency, known as the S.B.U., said it would investigate and that one line of inquiry would be whether “Russian special services” were behind the hack.

Officials in the northern Ukrainian city of Sumy, which has frequently come under Russian bombardment, warned on Tuesday morning that the air alarm system was affected.

“The notification system will temporarily not work,” Sumy’s regional military administration said in a statement.

Data showed that connectivity for Kyivstar users plummeted to around 12 percent on Tuesday morning from close to 100 percent, with both fixed-line and mobile services affected, according to NetBlocks, a cybersecurity research group.

At the same time, one of Ukraine’s large financial institutions, Monobank, said that it, too, had been targeted by hackers. While it was not immediately clear if the attacks had been carried out by the same hackers, the effects of both were widely felt. In the western city of Lviv, the departure boards of public transit systems were down and some people were unable to withdraw cash from A.T.M.s.

After Russia’s full-scale invasion, Ukrainian telecom companies banded together to share services so that users could roam on a different provider if their service was interrupted. But the national roaming scheme was also offline on Tuesday, operators said.

Tuesday’s attack was not the first time that Ukrainian telecom companies have been targeted since the February 2022 invasion, and experts say that the attacks are part of a broader campaign.

Russian government-backed hackers targeted users in Ukraine more than any other country last year, according to a report published in February by Google’s Threat Analysis Group.

“While we see these attackers focus heavily on Ukrainian government and military entities, the campaigns we disrupted also show a strong focus on critical infrastructure, utilities and public services, and the media and information space,” the analysis found.

In March, Microsoft warned that a hacking group with ties to the Russian government appeared to be preparing new cyberattacks on Ukraine’s infrastructure and government offices.