GRU hackers who attacked Kyivstar identified, case file to be sent to The Hague – Illia Vitiuk

The SSU’s cyber specialists and investigators are collecting evidence against hackers of the main directorate of the general staff of the russian armed forces (‘the GRU’) who attacked the national mobile operator Kyivstar. After all the examinations are completed and suspects are declared, the case file will be passed to the International Criminal Court in The Hague.

This was announced by Illia Vitiuk, Head of the SSU Cyber Security Department, in an interview with the Ukrinform news agency.

‘We are working to notify persons involved of suspicion under our legislation, and subsequently transfer these cases to the ICC. War criminals must be tried at the international level!’ Illia Vitiuk said, emphasizing that cyberattacks on civilian infrastructure should be recognized as war crimes.

So far, the SSU has established that the attack on Kyivstar was carried out by the SandWorm hacker group, a regular unit of the russian military intelligence service.

According to the head of the Cyber Security Department, the SSU is currently conducting a series of examinations of the systems affected and the damage caused. The SSU has also sent requests to receive additional information from international partners.

Illia Vitiuk stressed that, within the investigation, the Cyber Security Department is working on the entire ‘vertical’, that is, all the participants involved in the attack.

‘Not only the specific perpetrator, but also, at least, the head of the military unit and the leadership of the service that carried out the destructive activity must be held accountable for these actions,’ the cyber security chief commented.

He added that there are only three cases in the world where hackers were declared suspects for cyberattacks on infrastructure, and one of them is the SSU’s case.

Illia Vitiuk also said that during the full-scale war the SSU blocks 4,500 cyberattacks annually.

The Armed Forces of Ukraine and the Ministry of Defence are a special priority in cyber defence, as enemy attempts to interfere with military systems are regular.

‘SSU Cyber Security officers are constantly working in military units, staffs, going to the frontline, checking devices and systems for unauthorized interference,’ Illia Vitiuk noted. As a result, the SSU prevented technical penetration of 1,700 devices of Ukrainian military servicemen.

In addition to cyberattacks, russian intelligence services conduct info- and psyops to discredit the Defence Forces command. For example, there have been information attacks and attempts to hack official accounts, as well as the creation of dozens of fake pages of the Commander-in-Chief Oleksandr Syrskyi.

Similar attacks are being carried out by the enemy against SSU personnel: they receive threats of physical violence, letters with indications of recruitment and blackmail, etc. Illia Vitiuk shared that he personally had already been subjected to fake ‘input’ and that new attacks are possible.

‘It is very easy to manipulate information to try to influence someone. However, we are ready for such warfare methods,’ he summed up.