The UK's Ministry of Defence, in its most recent situation report on Russia's war against Ukraine, describes stalled Russian maneuver and intensive Russian fire.
UK and US intelligence services think Putin's been poorly served by his spooks and planners.
Speaking in Canberra this morning, GCHQ Director Jeremy Fleming said that President Putin had been poorly served by his intelligence services, but that at this point the intelligence and operational planning failures of his forces should be obvious to everyone in the Kremlin. US officials substantially agree with Sir Jeremy, and think those failures have raised tension between Mr. Putin and his Ministry of Defense, including Defense Minister Sergei Shoigu, the New York Times reports. Officials speaking with the AP suggest that the misinformation extends to the effects of Western sanctions on Russia's economy. The Telegraph has a rundown of reports and rumors of repercussions for Russian officials whose planning and reporting have served their President poorly.
Russian cyber operators collect against domestic targets.
Citing research by Malwarebytes, BleepingComputer describes a large-scale phishing campaign directed against potential Russian dissidents. It seems to be an internal security measure intended to keep an eye on dissatisfaction with the war and to offer a measure of insurance against the possibility of insurrection or coup d'etat. A malicious RTF file attached to a phishing email carries either a CobaltStrike or PowerShell payload. Employees of certain agencies are of particular interest to the organs carrying out the campaign, and it's interesting to see how many of them work for either educational organizations or regional authorities.
More details on the Viasat hack.
Viasat has provided more information on the cyberattack against ground terminals that knocked its satellite Internet service offline in Ukraine (and in other parts of Europe) during the early stages of the Russian invasion. The company says it's working to fully restore service to affected customers, and that it's taking other steps to shore up its resilience. Those steps it's prudently not sharing, since it doesn't wish to give the attackers insight into Viasat's own defenses.
Ukrainian hacktivists say they can interfere with Russian geolocation.
Defense One reports that Ukrainian operators, hacktivists of the CyberPan Ukraine group, say they've found weaknesses in Russian tactical battle management systems that render them susceptible to disruption by interfering with their ability to use GLONASS signals. (GLONASS is the Russian equivalent of the more familiar US GPS.) They also hint that they're exploring ways of directly interfering with Russian artillery computers, and that they've identified some possibly exploitable weaknesses in those systems. This wouldn't be surprising: Russia did it to the Ukrainians a few years ago. During the early stages of the Donbas insurrection Russia fomented and supported, CrowdStrike reported that Russian operators were able to gain access to Ukrainian fire direction systems.
Data compromise at Rosaviatsia considered as possible hacktivism.
Russia's aviation authority, Rosaviatsia, is reported to have lost some 65 terabytes of data in an incident it sustained this week, Mentour Pilot reports. Business systems and records, including aircraft registration records, are said to have been affected. It's not clear exactly what the incident was, even whether it was a cyberattack or an accident, although Anonymous has claimed credit. It's worth noting that, whatever the cause, safety of flight seems not to have been affected.
The potential for future cyberattacks.
Russia's war against Ukraine has yet to spill over, in significant ways, to other sections of cyberspace, but the US remains, C4ISRNet reports, on alert.
Google's Threat Analysis Group (TAG) has published an update on cyber threats in Eastern Europe. Some are criminal, and some are state-directed. Among the state-directed activity is an uptick in Chinese cyberespionage seeking to collect intelligence on the war.
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.