At a glance.
- The curious case of drones over the Kremlin.
- How KillNet would be perceived.
- Iran integrates influence and cyber operations.
The curious case of drones over the Kremlin.
Two drones exploded over the Kremlin Wednesday in what the Russian government and state-controlled media have denounced as a "terrorist" attempt to assassinate President Putin, planned and instigated by the United States, and then carried out by Ukraine. But this account has been widely questioned. Ukraine's President Zelenskyy has denied any involvement in the incident, which was so small as to barely qualify as an attack. (Video of the incident showed a small explosion, of the sort that might be caused by the fireworks a short-range commercial drone could carry. In any case there were no casualties and no damage.) Russian reaction has been strong, including calls for the complete destruction of Kyiv, the killing of every member of the Ukrainian government, and the extension of the war to Western capitals.
As the AP puts it: "A cloud of questions hangs over the claim. Why did the Kremlin announcement come about 12 hours after the purported incident? Why did no reports of explosions emerge prior to the announcement on the messaging apps that remain full of chatter despite Russia’s crackdown on media and criticism of the war in Ukraine? Why didn’t videos of the purported attacks appear until after the announcement? Why haven’t the images been verified?" The Atlantic runs down the possible explanations for the incident, which we gloss as follows:
- It might have been a short-range drone strike launched by deep-penetration Ukrainian forces. This seems unlikely.
- It might have been an attack by Russian dissidents.
- It might have been either one of the above, detected and permitted by Russian security services with the aim of pushing the Kremlin toward a harder war policy.
- Or, and this has been the subject of much well-informed speculation, it might have been a provocation, a false-flag operation designed to afford a pretext for nominally retaliatory strikes, an expanded war, and a spur to full mobilization.
In any case, while the military effects of whatever happened in Moscow are less than negligible, they're likely to bulk large in Russian influence operations.
How KillNet would be perceived.
"I'm half-man, half-horse, half-alligator, with a little bit of snappin' turtle throwed in."
Oh, wait. That was Davy Crockett, not KillMilk, the King of the Wild Frontier, not some tool behind a keyboard in a crumbling Russian office park. But the tone of the brag isn't far off. KillNet is going to take down governments and bring scunnion of all kinds down on the heads of the Collective West, especially those Anglo-Saxons who've been so much in the news. Sez KillNet.
KillNet held an Ask Me Anything session on their Telegram page on Saturday to answer questions about their new self-designation as a Private Military Hacking Company. The questions raised were mostly regarding how the PMHC will operate. When asked about the structure of their organizations, KillNet responded, “We created four sub-detachments consisting of former cybercriminals and former members of special services (not only from Russia). At the current time we are ready to not only defend the motherland, but also conduct computer network attacks and destruction of intruders of different levels throughout the world.”
KillNet has announced that it would henceforth act as a private military hacking corporation, a kind of Wagner Group for cyberspace. The group is now saying, basically, that they're half-patriot, half-gangsta, with a little bit of hacker throwed in. Maybe. But at RSAC last week Illia Vitiuk, Ukraine's head of the Department of Cyber Information Security in the Security Service of Ukraine, presented the case, CyberScoop reports, that there are no genuine hacktivists working in the interest of Russia. “More than 90% of all cyber attacks targeting Ukraine are either conducted by special services or by state sponsored groups,” Vitiuk said. “I do believe that there is no so-called ‘hacktivism’ in Russia at all.” He described a brief wave of pre-war Russian arrests of cybercriminals as effectively an intimidation campaign: work for the security organs or face the consequences. The arrests of some REvil members in the weeks before the war were an example of that kind of strong-arm recruitment. Noting that the prosecutions had all stalled by May, Vitiuk added, “This was an attempt to intimidate them and others to show that you need to work for us. And now you need to work against Ukraine.” Recruiting auxiliaries to work as fronts for Russian security and intelligence services would not have been particularly difficult. The ties between the organs and the underworld have been close for a long time.
Iran integrates influence and cyber operations.
Microsoft has observed Iran making increasingly sophisticated attempts at influence operations. "Microsoft has detected these efforts rapidly accelerating since June 2022. We attributed 24 unique cyber-enabled influence operations to the Iranian government last year – including 17 from June to December – compared to just seven in 2021. We assess that most of Iran’s cyber-enabled influence operations are being run by Emennet Pasargad – which we track as Cotton Sandstorm (formerly NEPTUNIUM) – an Iranian state actor sanctioned by the US Treasury Department for their attempts to undermine the integrity of the 2020 US Presidential Elections." The new playbook is predictable but no less influential for its templated quality. A campaign begins with a "cyber persona" announcing and usually exaggerating a low-grade cyberattack. That announcement is then picked up, distributed, and amplified by inauthentic personae using the target audience's native language. "The goals of its cyber-enabled IO have included seeking to bolster Palestinian resistance, fomenting unrest in Bahrain, and countering the ongoing normalization of Arab-Israeli ties, with a particular focus on sowing panic and fear among Israeli citizens."