On 12 December 2023, Ukraine’s Defence Intelligence Directorate (GUR) announced that it was responsible for infecting thousands of servers belonging to Russia’s federal tax service (FNS). GUR claims that their attack caused the complete destruction of FNS’ configuration files and has said they estimate the agency will never fully recover from the attack. GUR claims their attack affected both the central FNS servers and more than 2,300 regional servers throughout Russia, effectively paralyzing the agency.

This is a major win for Ukraine, who appears to be attempting to cause damage to Russia’s ability to pay its soldiers and to collect revenue in the first place. If the damage is as severe as they claim, Russia will need to quickly respond and find a way to continue to collect and distribute money to sustain its war effort.

On the same day, it is unknown if this is a response to the FSS attack, Ukrainian telecom operator Kvivstar was hit with a major cyberattack, which has left millions without cellphone and internet service. Although details remain limited at this time, some media outlets are reporting that sources are saying “internal servers” are affected. What is interesting is the response is that Kvivstar is looking to create a duplicate their system as opposed to restoring it, which was on the order of Ukrainian security forces and for Kvivstar to isolate the impact of the attack.

This is a major attack to both the civilian and military of Ukraine. As The Grugq has noted, Ukraine uses cell service for air raid warnings and impacts the military’s command and control due to the use of cellphones for communication. Although the military implications will not be as big as the Viasat hack, this hack affect approximately 26 million users. This is more than half the population of Ukraine. This attack effectively reduces the communications capacity of Ukraine and has led to a scramble by everyone to get replacement services. This scramble means existing non-Kvivstar networks will be strained to meet the increased demand.

By knocking out Kvivstar, Russia at least temporarily shapes the digital landscape by limiting where operations and actions are taking place and thus limiting their area of operation. Further, in theory, with the major influx of people seeking new services risks additional infection or compromise if other providers are unable to as effectively spot bad actors who are hijacking or relying on their networks.

The attack on Kvivstar is not likely to affect the frontline, but it creates a massive headache for Ukraine whose means of communication and data that they may have taken for granted is now gone, at least temporarily.