Telecom Network Damage in Ukraine: Cyberattacks, Tower Strikes, and Wartime Connectivity
Ukraine's telecommunications infrastructure faced attack on two simultaneous fronts throughout the full-scale war: physical strikes on cell towers, fiber optic cable routes, and exchange stations through conventional military weapons; and sophisticated cyberattacks aimed at degrading or destroying the software-defined components of network control. The juxtaposition of these two attack modes was most dramatically illustrated by the Kyivstar cyberattack of December 2023 — the largest successful cyberattack on a mobile operator in wartime history — which temporarily disrupted service for approximately 24 million subscribers across Ukraine. Behind this headline event, hundreds of smaller telecom infrastructure incidents have systematically degraded service in frontline and rear areas alike.
The Kyivstar Attack: December 2023
On 12 December 2023, the Russian GRU-linked hacker group Sandworm launched a devastating cyberattack on Kyivstar — Ukraine's largest mobile operator, serving approximately 24 million subscribers. The attackers had maintained persistent access to Kyivstar's internal systems for months before executing the destructive phase, which wiped virtual infrastructure including core network software and configuration data. The attack rendered Kyivstar's mobile network entirely inoperable for most of 12–13 December and caused degraded service for several days thereafter. Internet connectivity was disrupted for subscribers using Kyivstar's mobile data services. Air raid alert systems in several regions failed because they relied on Kyivstar SIM cards for communication. Cash machines and POS terminals dependent on Kyivstar SIMs also failed. Kyivstar's parent company (Veon) and Ukrainian intelligence services worked around the clock to restore service. Full restoration took approximately 48 hours for voice calls, with normalisation extending over several weeks for full service recovery.
Physical Infrastructure Damage
| Damage Category | Estimated Scale | Most Affected Region | Operator Response |
|---|---|---|---|
| Mobile base stations destroyed/damaged | Thousands of sites | Donetsk, Luhansk, Kharkiv, Zaporizhzhia | Relocate; portable towers; Starlink backhaul |
| Fiber optic cable cuts | Hundreds of routes | Eastern and southern oblasts | Emergency re-routing; buried cable priority |
| Fixed-line exchange stations hit | Dozens of facilities | Kharkiv, Mykolaiv, Kherson | Replacement units; virtualisation |
| Ukrtelecom infrastructure | Significant; 21% assets occupied | All frontline oblasts | Network segmentation; EU support |
| Power outage indirect damage | Systemwide; routine impact | Nationwide | Generator rollout; battery backup upgrade |
Operator Resilience Investments
All three major Ukrainian mobile operators — Kyivstar (Veon), Vodafone Ukraine (VEON sold to local shareholders), and lifecell (Turkcell subsidiary) — undertook major network resilience investments after 2022. Key measures included: installing generators and extended battery backup at base station sites (critical for maintaining service during power outages); deploying Starlink satellite terminals as backhaul links at sites whose fiber connections were cut; diversifying interconnection routes so that no single cable cut would isolate a large area; accelerating virtualisation of core network functions so that software-defined components could be rapidly redeployed from backup infrastructure outside the attack zone; and encrypting key management systems against persistent-access cyberattacks. Security protocols for internal network access were significantly hardened post-Kyivstar attack.
Government and Regulatory Response
Ukraine's National Commission for Communications Regulation (NCCIR) implemented a series of emergency measures for telecommunications operators in wartime, including requirements for generator backup for network infrastructure, mandatory disaster recovery plans, and information sharing with the State Service of Special Communications and Information Protection (SSSCIP — the Ukrainian national cybersecurity authority). SSSCIP coordinated the response to the Kyivstar attack and subsequent incidents. Ukraine also accelerated co-location and sharing arrangements between operators in frontline areas — recognising that rebuilding three separate infrastructures was inefficient and that a single shared infrastructure with multiple operators benefiting was more resilient.
Frequently Asked Questions
- Was the Kyivstar attack the biggest cyberattack on a telecom company ever?
- While measuring "biggest" involves multiple dimensions, the Kyivstar attack — in terms of subscriber impact (approximately 24 million), duration, and the level of infrastructure destruction achieved — is widely cited by cybersecurity analysts as among the most destructive telecommunications cyberattacks in history. The attackers achieved wiper malware deployment across core infrastructure after months of undetected persistent access. Ukraine's SSSCIP chief Yurii Shchyhol publicly described it as the biggest cyberattack on a telecom company in the world.
- Did the Kyivstar attack affect military operations?
- The attack had wider security implications beyond civilian communications. Air raid alert systems in multiple regions failed. Government emergency communications that depended on Kyivstar SIMs were disrupted. Ukrainian intelligence indicated that the timing — during winter when missile attack risk was elevated — was deliberate. Military communications operated on separate military-grade systems less exposed to the attack, though civilian communications infrastructure is also used for logistical and civil defense coordination that has indirect military implications.
- How has Starlink changed Ukraine's telecom resilience?
- Starlink has become a critical redundancy layer for Ukraine's connectivity. Approximately 42,000+ Starlink terminals were operating in Ukraine by late 2023 (military and civilian combined, some donated). For telecoms specifically, Starlink terminals provide satellite backhaul connectivity that bypasses destroyed fiber routes, allowing base stations to continue operating even when terrestrial cable links are severed. The civilian Starlink rollout also provided internet access for millions of users, particularly in areas cut off from fiber networks.
- Are there areas of Ukraine with no mobile coverage?
- Yes. In the occupied territories, Ukrainian operators' networks are no longer operational — Russian operators (Beeline/MTS, Megafon, Tele2) have been deployed or coverage is simply absent. In active combat zones on the frontline (zero-to-two kilometre strip of territory in contested areas), all infrastructure has typically been destroyed and communications operate through military radio systems and Starlink. In rural areas of de-occupied territories (parts of Kharkiv, Kherson oblasts), base stations destroyed during occupation or combat have been rebuilt progressively but coverage restoration lags urban areas.
- What was Ukraine's telecom sector worth before the war?
- Ukraine's telecom sector was one of the most dynamic in Eastern Europe pre-war, with high mobile penetration (~130% SIM card penetration accounting for multi-SIM use), a nationally competitive broadband market, and active 4G deployment programs. Annual revenues across the sector were approximately USD 2–2.5 billion. The sector employed tens of thousands of engineers, technicians, and customer service staff. War damage, occupation of territory, and subscriber displacement have significantly reduced the addressable market and revenue base for all operators.
Sources
- SSSCIP Ukraine. Annual cybersecurity and telecom resilience reports 2022–2024. Kyiv: State Service of Special Communications.
- Kyivstar (Veon). Corporate statements and post-incident technical reports, December 2023. Amsterdam/Kyiv.
- Mandiant / Google Threat Intelligence. Sandworm and Ukraine telecom attack attribution analysis. 2024.
- NCCIR Ukraine. Telecommunications sector emergency measures during wartime. Kyiv, 2022–2024.
- EU NIS Cooperation Group. Cybersecurity in armed conflict: lessons from Ukraine. Brussels: EU, 2024.
Regional Analysis: Telecom Network Damage in Ukraine: Cyberattacks, Tower Strikes, and Wartime Connectivity
The regional dimensions of the Russia-Ukraine conflict are shaped by geography in profound ways. Telecom Network Damage in Ukraine: Cyberattacks, Tower Strikes, and Wartime Connectivity as a geographic and political entity has been affected by the war's dynamics in specific ways that reflect its location relative to front lines, its economic structure, demographic composition, historical characteristics, and administrative capacity. Regional analysis provides essential granularity to assessments that might otherwise obscure the highly differentiated impacts and responses across Ukraine's diverse territory.
Infrastructure destruction has imposed highly uneven burdens across Ukrainian regions, with areas closest to active combat experiencing the most severe damage to housing, transport networks, industrial facilities, and utilities. Telecom Network Damage in Ukraine: Cyberattacks, Tower Strikes, and Wartime Connectivity sits within this damage landscape in a specific way, with its geographic position determining exposure to aerial bombardment, artillery fire, and ground combat. Post-war reconstruction planning must account for these regional disparities in damage and prioritize resources based on both humanitarian need and strategic recovery priorities.
Population dynamics in Telecom Network Damage in Ukraine: Cyberattacks, Tower Strikes, and Wartime Connectivity have been fundamentally altered by the conflict's displacement effects. The internal displacement of Ukrainians away from frontline regions has depopulated some areas while creating strain on receiving communities. Return migration when security conditions permit will be shaped by the availability of housing, economic opportunities, and public services. Long-term demographic trajectories will depend on reconstruction investment, security guarantees, and the differential experiences of displaced populations who may have built new lives elsewhere during the conflict.
Economic activity in Telecom Network Damage in Ukraine: Cyberattacks, Tower Strikes, and Wartime Connectivity reflects the wider disruption of Ukraine's wartime economy but with region-specific characteristics. Agricultural economies in southern and eastern regions face mine contamination, disrupted supply chains, and infrastructure damage alongside the direct security threat. Industrial concentrations in eastern Ukraine have been particularly severely damaged. Western regions have experienced economic stimulus from hosting displaced populations and receiving reconstruction investment, though these gains are offset by the costs of hosting and service provision.
Administrative Capacity and Governance
Local and regional governance in Telecom Network Damage in Ukraine: Cyberattacks, Tower Strikes, and Wartime Connectivity faces the extraordinary challenge of maintaining public services, coordinating humanitarian assistance, and beginning reconstruction planning under active wartime conditions. Ukrainian regional administrations have demonstrated significant adaptability, leveraging decentralization reforms implemented before the war to maintain flexibility in crisis response. International technical assistance, digital governance tools, and emergency financing mechanisms have supported administrative continuity in areas experiencing severe disruption. Building lasting administrative capacity in the region is essential to both wartime governance and the post-conflict recovery trajectory.