Kyivstar

Kyivstar operates as Ukraine's largest mobile telecommunications provider, offering voice, data, and short message services to a nationwide subscriber base. The organisation is known under the aliases Kyivstar, Київстар, and Kyivstar GSM, with its headquarters situated in Ukraine. The company serves millions of customers across the country, providing connectivity for personal, business, and emergency communications. Its network infrastructure supports both voice calls and mobile broadband, enabling access to internet services and digital applications. As the leading operator, Kyivstar's coverage extends to urban centers and rural areas, aiming to maintain continuous service availability. The operator's role in the telecommunications market positions it as a key provider of essential communication links for the Ukrainian population.

Beyond standard mobile services, Kyivstar has been identified as a critical component of national infrastructure, notably because its systems support air raid alert functions in multiple regions. The operator's prominence was highlighted during a significant cyber incident in December 2023 that disrupted services for millions of subscribers, caused widespread communication outages, impacted banking operations, and compromised critical air raid alert systems in several regions. That 2023 attack was described as destructive rather than financially motivated, with services partially restored within a day while full recovery efforts continued amid concerns over civilian safety during aerial threats. In June 2017, Kyivstar was affected by a supply‑chain compromise involving a malicious update to the M.E.Doc accounting software, which deployed NotPetya wiper malware, PsCrypt and XData ransomware variants, and the Chthonic backdoor. The 2017 incident led to widespread system encryption and operational disruptions across critical sectors including government agencies, banking, transportation, media, and energy infrastructure, with ransom demands issued via Bitcoin addresses. Attackers in the 2017 event displayed limited technical sophistication in ransomware development while posing as Ukrainian speakers, and the episode highlighted a nation‑state‑style supply‑chain attack that blended financial motives with broader disruptive objectives. While the sources do not disclose explicit ownership or parent‑company details, the operator's scale and incident history reflect its strategic position within Ukraine's telecommunications sector.