Russian forces have intensified their conventional and in practice indiscriminate bombardment of Ukrainian cities. The Black Sea port of Kherson has fallen, the first Ukrainian city of any size to be taken by Russian forces, but the assault on Kyiv remains stalled. The UK's Ministry of Defense, in its daily public appreciation of the situation, says the Russian column advancing on Kyiv has made "little discernible progress in over three days." NATO has stepped up delivery of weapons and other materiel to Ukraine, the New York Times reports.
Western companies continue to exit the Russian market as the country's financial system reels on the verge of collapse. The AP reports that Russia has become a commercial pariah, as Western companies increasingly refuse to do business there.
The United Nations General Assembly condemns Russian aggression against Ukraine.
The UN General Assembly voted yesterday to condemn Russia's invasion of Ukraine. In its official statement, the UN wrote: "Deploring in the strongest terms its aggression against Ukraine in violation of the Charter of the United Nations, the Assembly also demanded the Russian Federation immediately and unconditionally reverse its 21 February decision related to the status of certain areas of the Donetsk and Luhansk regions of Ukraine."
Ukraine expresses an intention to hit Russian infrastructure in cyberspace.
Ukraine's Ministry of Defense has recruited private operators to help wage a cyberwar against Russia. That recruitment isn't principally designed to provoke a cyber rave or cyber riot on the part of outraged sympathizers freelancing as volunteer militia (although that's also happened, certainly in the case of website defacements and service interruptions conducted by Anonymous and others). There are reports that the Ministry has asked a local cybersecurity expert and businessman, Yegor Aushev, to organize a cyber offensive that would go beyond DDoS and defacement and seek to cripple Russian infrastructure, with particular attention to railroads and the power grid. Ukrainian officials declined a request for comment by Reuters.
DanaBot used in distributed denial-of-service attacks against Ukraine's Ministry of Defense.
Russia's cyber operations against Ukraine may be continuing to take advantage of services offered in the criminal-to-criminal market. Zscaler describes the way in which the malware-as-a-service platform DanaBot is being used to run a distributed denial-of-service attack against the Ukrainian Ministry of Defense. Zscaler's research report stops short of attribution: "It is unclear whether this is an act of individual hacktivism, state-sponsored, or possibly a false flag operation."
Ghostwriter resurfaces, with a phishing campaign.
Proofpoint has published a report on a phishing campaign it's calling "AsylumAmbuscade," and which it links to UNC1151, which Proofpoint associates with the Belarusian threat actor it tracks as TA445. That group is most familiar in its GhostWriter guise, in which throughout 2021 it mounted influence campaigns against European targets, especially in Latvia, Lithuania, and Poland. AsylumAmbuscade represents an intelligence collection effort. It seems particularly interested in the movement of refugees around and out of Ukraine, and it is, the Record reports, paying particular attention to targeting European officials involved in refugee relief. (There may now be around a million Ukrainian refugees, according to the AP.)
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.