Ukraine at D+120: Russia's maximalist war aims.
N2K logoJun 24, 2022

Russia says the war will end if and only if all of its demands are met. Lithuania warns of a rising DDoS threat. Considerations on why think tanks are targets of cyber operations.

Ukraine at D+120: Russia's maximalist war aims.

Russia continues its slow, crushing advance into the rubble of Sieverodonetsk as, according to the Telegraph, Ukrainian defenders slowly withdraw.

Russia's war aims, Kremlin spokesman Dmitry Peskov says, remain unchanged. The war will end, Mr. Peskov says, when and only when Ukraine "fulfills all the requirements of the Russian side." He declined to specify those requirements, since "Ukraine knows everything very well."

Today's situation report from the UK Ministry of Defence turned to the state of the Russian air force, and its apparent use of pilots employed by the Wagner Group. "Ukrainian forces have announced that the pilot of a Russian Su-25 FROGFOOT ground attack aircraft shot down on 17 June was captured shortly afterwards." (The Su-25 is roughly the Russian equivalent of the American A-10.) "The pilot has confessed to being a former Russian air force Major, who had taken employment as a Wagner military contractor and had flown several missions during the conflict. The use of retired personnel, now working as Wagner contractors, to conduct close air support missions indicates that the Russian air force likely is struggling to support the invasion of Ukraine with sufficient aircrew. This is likely due to a combination of Russia’s insufficient numbers of suitably trained personnel and its combat losses. Whilst conducting his missions, the Russian pilot reportedly used commercial GPS devices rather than Russian military navigation equipment. This likely indicates that Wagner aircraft are older models of the Su-25 and that the Russian air force is not providing Wagner with up-to-date avionics equipment."

The US Air Force Chief of Staff, speaking at the Hudson Institute, expressed surprise at the Russian air force's difficulties in achieving air superiority, something it has yet to gain. "I think for me it's surprising for the Russians because the systems they're going against are their own systems," Business Insider quotes General Charles Brown Jr. as saying. "They should know them fairly well and how to defeat them. It kind of [raises] a real question for me: How come they don't understand their own systems and how they might defeat their own systems?"

Lithuania's NKSC warns of increased DDoS threat.

BleepingComputer reports that Lithuania's National Cyber Security Center (NKSC) has issued a public warning that the threat of distributed denial-of-service attacks is rising. "Most of the attacks are directed against public authorities, the transport and financial sectors, leading to temporary service disruptions," the alert says. "The NCSC urges all managers of critical information infrastructure and state information resources to take additional security measures and to follow the NCSC recommendations for protection against service disruption attacks."

There's no explicit mention of Russian operations in the alert, but it's clear whence comes the threat. BleepingComputer notes that a nominally hacktivist group that claims to be acting in the Russian interest, “Legion – Cyber Spetsnaz RF” declared (in a Telegram post) cyberwar against Lithuania, and published an ambitious target list: "large banks, logistic companies, internet providers, airports, energy firms, mass media groups, and various state and ministry sites." BleepingComputer reads the Cyber Spetsnaz as an offshoot of Killnet. "Spetsnaz," we observe, is the Russian term for its military special forces, throat-cutting operators who've inherited their tradition from the Cold War Soviet Army. Rough Western equivalents would be "Cyber SAS," or "Cyber Commandos," or "Cyber Rangers," a little grandiose and a little puerile, and, so far, more than a little unearned.

The Cyber Spetsnaz declaration dates from Lithuania's decision to forbid shipments of sanctioned goods through its rail corridor to the detached Russian enclave of Kaliningrad. Reuters reports that Moscow has blamed Lithuania's action on Washington. "The so-called 'collective West', with the explicit instruction of the White House, imposed a ban on rail transit of a wide range of goods through the Kaliningrad region," the Russian Foreign Ministry said in a statement.

Think tanks as targets.

Microsoft's much-discussed report, "Defending Ukraine: Early Lessons from the Cyber War," includes an account of Russian targeting in the cyber phases of its hybrid war against Ukraine. "Russian targeting has prioritized governments, especially among NATO members," the report says. "But the list of targets has also included think tanks, humanitarian organizations, IT companies, and energy and other critical infrastructure suppliers." While Russian cyber operations have, as many have observed, fallen as far short of the widespread devastation of infrastructure as Russian combined arms operations fell short of the conquest of Kyiv (both widely expected), they've enjoyed some success. "Since the start of the war, the Russian targeting we’ve identified has been successful 29 percent of the time. A quarter of these successful intrusions has led to confirmed exfiltration of an organization’s data, although as explained in the report, this likely understates the degree of Russian success."

About twelve percent of the organizations targeted were non-governmental organizations "that most typically are either think tanks advising on foreign policy or humanitarian groups involved in providing aid to Ukraine’s civilian population or support for refugees." Recorded Future notes that think tanks often appear on intelligence services' target lists.

It's not difficult to see why. In many countries think tanks serve as holding pens for shadow subcabinets. In the US, for example, when there's a change in Administration, a lot of the Assistant Secretaries of (your Cabinet Department here) will have come from stints at Brookings, or the JFK School, or CSIS, or the Manhattan or Heritage or Hoover institutes. The think tanks are well-connected with governments and can be conduits of access and insight for a hostile intelligence service. The think tanks are also sources of influence, and shaping their output offers the promise of amplifying points-of-view a hostile government might wish to see gain currency, especially among their adversaries' elites. In the Russian system, Microsoft's report says, think tanks are the special province of the SVR, the foreign intelligence descendant of the KGB.