Ukraine at D+288: A resumption of drone strikes and a stalled ground offensive.
N2K logoDec 9, 2022

A resupply of drones from Iran enables Russia to resume its war against civilians.

Ukraine at D+288: A resumption of drone strikes and a stalled ground offensive.

Very heavy artillery fire is now reported all along the Donetsk line, but with no signs so far of any Russian advance. Russian maneuver forces remain focused on the symbolic objective of Bakhmut.

When you have to buy your drones from Iran, there's something wrong with your supply chain.

Russian forces, after a three-week lull, have resumed strikes against Ukrainian infrastructure with Iranian-made Shahed-136 drones. "For the first time in three weeks, there have been reports of attacks by Iranian-provided one-way attack (OWA) uncrewed aerial vehicles (UAVs)," the UK's Ministry of Defence wrote this morning. "These events remain to be verified, but it is likely that Russia exhausted its previous stock of several hundred Shahed-131s and 136s and has now received a resupply. On 06 December 2022, the Ukrainian General Staff reported shooting down 17 UAVs, including 14 Shahed-136s. On 07 December 2022, Ukrainian officials reported the use of Iranian-provided OWA UAVs targeting Zaporizhzhia and Dnipro oblasts. The last previously reported shooting down of Iranian Shahed-136s in Ukraine was on 17 November 2022. If verified, it is likely that Russia has recommenced attacks with newly delivered OWA UAV systems." The civilian targets being hit (unlike the legitimate military targets that aren't being struck) are stationary, easily located, and normally soft.

The dependence of an advanced military on Iran, of all places, for munitions is striking. It argues at the very least a failure of logistics, in all probability a failure of industrial mobilization, and perhaps a general and systemic industrial shortfall. But, as Gazeta quoted Mr. Putin this morning, when he was asked about problems with supply, the Russians are being reassured that they should trust no one's word on the matter other than that of Mr. Putin himself. And his word is that everything is ducky: "Everything is stable with us. There are no questions and no problems today.” (But tell that to the unhappy reservists conscripted to replenish the 1st Guards Tank Army. Still, vatnik, what're you gonna believe? Your President's press conference, or your own lyin' eyes?)

On the cyber front, nothing new.

Not really new: low-level incidents have been reported in Finland and Denmark, but without attribution to Russia (indeed, without attribution to anyone). There's an a priori likelihood that the attacks may represent nuisance operations by Russian auxiliaries, but that's at best circumstantial.

Impersonation scams: that's not Ukraine’s Ministry of Digital Transformation.

Other criminal groups have made use of the Russian war against Ukraine, and the widespread sympathy for Ukraine that war has aroused, to mount impersonation campaigns designed to steal crypto assets. A great deal of aid collected from people globally has been delivered to Ukraine in the form of cryptocurrency, and criminals have taken note of the opportunity that presents them. Domain Tools this morning provided an update of their ongoing study of criminal scammers who have sought to steal non-fungible tokens (NFTs) and cryptocurrency from retail investors.

"DomainTools observed and continues to track a cryptocurrency scam campaign impersonating Ukraine’s Ministry of Digital Transformation as part of a broader effort to steal non-fungible tokens (NFTs) and cryptocurrency from retail investors. Using the ruse of funding urgently needed military equipment and humanitarian supplies for Ukraine’s defense against a Russian invasion, a Twitter account with the username “@AidForUkraine_” began promoting two malicious lookalike domains central to this fraudulent fundraising campaign.... These two domains share a host that offers pivots to several different types of cryptocurrency scams likely operated by the same threat actors.

"In addition to showcasing cybercriminal opportunism, this campaign helps illustrate broader themes related to the underlying social engineering methods cybercriminals use to bypass a target’s healthy skepticism for illegitimate purposes as well as the power of pivoting through Internet infrastructure to identify and track malicious activity."

The good news, Domain Tools says, is that the relatively quick exposure of the scams has limited their effectiveness, and the hoods appear to have turned to other impersonations, and other forms of phishbait. But continued wariness and skepticism remain in order. If there's the prospect of making some quick alt-coin, the scammers won't hesitate to revert to saying that, no, really, take it straight from us, friend, the way to help suffering Ukraine is to click here.