This morning's situation report (and situation map) from the UK's Ministry of Defense reports continued local Ukrainian advances and ongoing Russian attempts to reduce Mariupol by fire. Statements from the Kremlin maintain that Russia's cessation of operations against Kyiv and Chernihiv is a good-will gesture intended to serve as a sweetener in negotiations between Moscow and Kyiv. The AP this morning reported that Deputy Defense Minister Alexander Fomin said that Russia had decided to “'fundamentally ... cut back military activity in the direction of Kyiv and Chernihiv' to 'increase mutual trust and create conditions for further negotiations,'” a statement that most outside observers view as an attempt to make the best of operational failure as opposed to a conciliatory gesture.
Cyberattack takes down major Ukrainian Internet provider.
Reuters reports that Ukrtelecom, Ukraine's major telecom provider of both Internet connectivity and mobile service, sustained a major cyberattack yesterday. It was apparently a distributed denial-of-service attack that Ukrtelecom described as "temporary difficulties with the installation of new Internet sessions for Ukrtelecom customers." Netblocks confirmed that Ukrtelecom service had indeed been disrupted. "Confirmed: A major internet disruption has been registered across #Ukraine on national provider #Ukrtelecom; real-time network data show connectivity collapsing to 13% of pre-war levels; the provider reports issues assigning new sessions." Forbes quotes senior Ukrainian officials as saying they're presently unsure whether the attack was a conventional distributed denial-of-service attack or represented a deeper intrusion into Ukrtelecom's systems.
GhostWriter reported to deploy Cobalt Strike against Ukrainian government targets.
GhostWriter, a threat actor associated with the Belarusian government, has been using spearphishing attacks to install Cobalt Strike Beacon in Ukrainian government systems. Security Affairs cites CERT-UA as the source of the report. Cobalt Strike is a common legitimate penetration-testing toolset that's been turned to illegitimate use by criminals and, as in this case, intelligence services.
Trickbot's role in Russia's war; Anonymous makes some large claims.
The Wall Street Journal has an account of a Ukrainian researcher's infiltration of chatter by the managers of the Trickbot banking Trojan. The group interpenetrates Conti's operators, and the chats disclosed show a similar commitment to Russia's war effort. They also indicate an interest in hitting Western targets, including US hospitals, but these should be taken with an appropriate grain of salt. Not only are the leaks so far unconfirmed by official sources, but criminals and privateers, like hacktivists, tend to crow large.
A similar tendency is probably in evidence on the Ukrainian side, where hacktivists who claim allegiance to Anonymous say they're working on a data dump from their compromise of construction firm Rostproekt. "Anonymous, the decentralized international activist and hacktivist collective, stays true to its promise of dumping 'huge' data that will 'blow Russia away' by leaking hacked Rostproekt," @LatestAnonPress tweeted. Twitter has suspended some accounts associated with Anonymous, but Security Affairs reports that the hacktivist collective is saying that it's already counted coup against both the All-Russia State Television and Radio Broadcasting Company (VGTRK) and the Russian Central Bank.
Ukrainian intelligence services dox FSB officers.
Ukrainian intelligence services have released the names and addresses of six-hundred-twenty people they allege to be FSB officers. The Times reports that, "As well as names and addresses, the list includes details of agents’ cars such as their numberplates, their phone numbers and dates and places of birth." Some of the officers whose data were exposed, the Telegraph says, are believed to be operating in foreign countries including the UK. The data in the leaked files includes what appear to be entries in personnel files, like observations that one officer likes luxury cars, and that another drinks too much and has a propensity to violate traffic laws. The incident is an embarrassing black eye for the FSB, which has attracted President Putin's ire for what he retrospectively sees as misleadingly optimistic intelligence assessments of Ukrainian public opinion and will to resist a Russian invasion.