Ukraine at D+14: Prebunking a provocation. Regular and irregular hacking. Atrocities and incompetence.
N2K logoMar 10, 2022

Information operations, cyberespionage, and nuisance attacks mark the cyber phases of Mr. Putin's hybrid war. The Russian army turns to terror to redress battlefield failure.

Ukraine at D+14: Prebunking a provocation. Regular and irregular hacking. Atrocities and incompetence.

The Russian advance into Ukraine remains difficult at best, stalled at worst. Russia's Belarusian ally seems to have grown increasingly reluctant to join the kinetic fight, although it's providing aid in cyberspace. Negotiations between the Russian and Ukrainian foreign ministers began in Turkey yesterday, but without much result. That's to be expected. It's noteworthy that, in the opening days of their invasion, Messrs. Putin and Lavrov had made Ukrainian surrender a precondition of negotiation. Moscow has clearly relaxed that hard line.

Prebunking an information operation.

Western intelligence services, particularly in the US and UK, have been unusually open and forthcoming in their discussion of Russian actions against Ukraine. Much of that openness has been devoted to what some journalists have called "prebunking," hitting the credibility of disinformation before it's found its legs and gained traction. Yesterday's warning by the White House that Russia may be planning to use chemical weapons seems to be another case of prebunking a building provocation the Kremlin may be preparing. Russian sources have claimed that Ukraine (probably with American assistance) has been preparing both biological and chemical weapons, and those claims have been seconded and amplified by Chinese media. (The claims about bioweaponry have additional interest for China, which continues to feel embarrassment, deservedly or not, over the apparent origins of COVID-19 in a Wuhan wet market.)

Western sources see this as an incipient provocation. The Atlantic Council describes the early stages of this information operation:

"In remarks to Russian media on March 9, Foreign Ministry spokesperson Maria Zakharova escalated Kremlin claims that Ukraine intended to use nuclear or biological weapons against Russia. According to the Foreign Ministry Twitter account, Zakharova said that Russia decided to capture the Chernobyl and Zaporizhzhia nuclear power plants “exclusively to prevent any attempts to stage nuclear provocations, which is a risk that obviously exists.” 

"Meanwhile, Zakharova went on to “confirm” that Russian special forces had collected proof that Ukraine and the US Department of Defense attempted to destroy evidence of a biological weapons program at the start of the Russian invasion. “We confirm that the special military operation in Ukraine revealed facts of the emergency eradication by the Kiev regime of traces of the military biological program implemented by Kiev with funding from the US @DeptofDefense,” the Foreign Ministry Twitter account quoted her as saying. Zakharova’s remarks reinforced claims made by Russia’s Defense Ministry on March 6."

White House Press Secretary Psaki tweeted a US response to Russian allegations:

"We took note of Russia’s false claims about alleged U.S. biological weapons labs and chemical weapons development in Ukraine. We’ve also seen Chinese officials echo these conspiracy theories.This is preposterous. It’s the kind of disinformation operation we’ve seen repeatedly from the Russians over the years in Ukraine and in other countries, which have been debunked, and an example of the types of false pretexts we have been warning the Russians would invent. The United States is in full compliance with its obligations under the Chemical Weapons Convention and the Biological Weapons Convention and does not develop or possess such weapons anywhere."

She mentioned specifically Russia's use of its Novichok nerve agent in the attempted assassination of a GRU defector in the UK (she might also have mentioned that the failed assassination killed at least one uninvolved and utterly innocent bystander). "It’s Russia that has a long and well-documented track record of using chemical weapons," she said, "including in attempted assassinations and poisoning of Putin’s political enemies like Alexey Navalny." She added, "It’s Russia that continues to support the Assad regime in Syria, which has repeatedly used chemical weapons. It’s Russia that has long maintained a biological weapons program in violation of international law."

And the disinformation fits Moscow's style of provocation:

"Also, Russia has a track record of accusing the West of the very violations that Russia itself is perpetrating. In December, Russia falsely accused the U.S. of deploying contractors with chemical weapons in Ukraine.

"This is all an obvious ploy by Russia to try to try to justify its further premeditated, unprovoked, and unjustified attack on Ukraine.

"Now that Russia has made these false claims, and China has seemingly endorsed this propaganda, we should all be on the lookout for Russia to possibly use chemical or biological weapons in Ukraine, or to create a false flag operation using them. It’s a clear pattern."

Nuclear, biological, and chemical weapons are the three traditional classes of weapons of mass destruction whose use has been either restricted or, in the case of biological weapons, prohibited entirely by international law. At the outset of his war Mr. Putin alluded to NATO and Ukrainian nuclear ambitions as offering partial grounds for what he characterized as a defensive, protective, military operation. The addition of chemical and biological weapons to the list of Russian charges is significant. Russia may or may not have a biological arsenal, and if it does, using it will prove difficult, perhaps difficult to the point of impossibility. But it certainly does have a chemical arsenal and a well-articulated doctrine for that arsenal's use. The disinformation effort charging Ukraine with preparation for chemical and biological war may be designed to afford a pretext for the use of chemical weapons in particular.

The current state of cyberwar.

Russia's war against Ukraine has yet to see the widespread and disabling cyberattacks many had predicted, but cyber operations continue at a low but constant level. Both sides seem to be making use of regular intelligence services as well as irregulars. The Ukrainian irregulars have tended to be hacktivists drawn to Kyiv's cause (and at Kyiv's invitation). The Russian irregulars have tended to be familiar underworld privateers who've long operated at Moscow's sufferance.

Fox News, citing sources in the US Intelligence Community, reports that cyberattacks against US companies active in the liquified natural gas (LNG) sector conducted two weeks before the invasion of Ukraine may have been battlespace preparation. CISA, the report says, is presently working to confirm that this is indeed what the attacks represented. Researchers at Resecurity had earlier made a similar claim.

Chinese cyberespionage operations have lately taken a close interest in European foreign ministries and aid organizations working to bring assistance to Ukraine. There are signs that this activity may be coordinated with Russia's campaign. Google researchers identify three state actors particularly engaged in collecting against Ukraine and governments sympathetic to Kyiv:

"FancyBear/APT28, a threat actor attributed to Russia GRU, has conducted several large credential phishing campaigns targeting ukr.net users, UkrNet is a Ukrainian media company. The phishing emails are sent from a large number of compromised accounts (non-Gmail/Google), and include links to attacker controlled domains....

"Ghostwriter/UNC1151, a Belarusian threat actor, has conducted credential phishing campaigns over the past week against Polish and Ukrainian government and military organizations....

"Mustang Panda or Temp.Hex, a China-based threat actor, targeted European entities with lures related to the Ukrainian invasion. 

 Google also notes that nuisance-level distributed denial-of-service attacks have continued to affect Ukrainian government sites.

Hacktivists who identify themselves with the Anonymous collective, and who've taken up Ukraine's cause, are tweeting, Security Affairs reports, about various website defacements and text campaigns they're operating in the hope of degrading Russian morals. HS Today writes that Anonymous claims to now control over four-hundred Russian camera feeds. It's using the compromised feeds to distribute "anti-propaganda to open the eyes of Russian civilians."

Companies have been taking measures to protect themselves from feared and expected Russian cyberattack. The large French bank BNP Paribas is one example. Evidently concerned with the possibility of insider threats, the bank has excluded its Russian workers from BNP Paribas internal networks.

Russian officers make war against civilians, and betray their own troops.

It's difficult to write about Russian combat actions in measured terms, and so we ask your indulgence for what follows.

There are two traditional categories under which the justice of any war is assessed: jus ad bellum (the rightness of going to war in the first place) and jus in bello (how the war is conducted by all sides, once they've engaged). Jus ad bellum basically prohibits aggression, and jus in bello proscribes unnecessary suffering and, especially, attacks against noncombatants. Russia's war in Ukraine flunks both tests, but its failures with respect to jus in bello are most on display this week.

The UK's Ministry of Defence (MoD) tweeted a current operational map of Ukraine yesterday afternoon, under the heading "The illegal and unprovoked invasion of Ukraine is continuing." A subsequent spot report, also from the MoD, confirmed Russian forces' use of thermobaric weapons, and that confirmation is sourced to the Russians themselves: "The Russian MoD has confirmed the use of the TOS-1A weapon system in Ukraine. The TOS-1A uses thermobaric rockets, creating incendiary and blast effects."

Two points are worth making about Russia’s conduct of its war of aggression. First, the Russian army is showing far more tactical incompetence than most observers would have expected. Not only have logistics broken down, but the invading maneuver forces are clearly roadbound and frequently tactically clueless. One piece of what purports to be, and indeed appears to be, Ukrainian gun camera video tells the story. A Russian armored column, moving down a road, comes under attack, either by drone or by ambush, and the column stops even as vehicles are hit and destroyed. Whether you're ambushed or under air attack, the one thing you don't do is stop in the middle of an open road. For a modern army to behave that way under fire argues a significant breakdown of training and leadership.

Second, Russian commanders have clearly turned to a policy of direct attack against civilians, many of them trying to flee the fighting, as the Russian forces turn to direct terrorism in an attempt to redress battlefield failure. The airstrike that reduced a maternity hospital in Mariupol to rubble has attracted a great deal of attention, and has been widely condemned as an atrocity. It might be written off as an accident, but unfortunately it's not a one-off. Combat is always ugly and heedless, but, to take another case witnessed by several journalists, adjusting mortar fire onto a fleeing civilian family--mother, father, and two children--is deliberate, intentional, cruel, unambiguous, and utterly unforgivable.

President Putin of course bears the primary responsibility for his war of aggression, but the officers commanding Russian forces in the field carry a heavy burden of guilt for their conduct of Mr. Putin's war. Not only are they making innocent Ukrainian civilians (many of them, especially in cities like Kharkiv, the very ethnic Russians Mr. Putin has announced his intention to rescue) their objective, but they're betraying their own troops (now acknowledged to be significantly composed of conscripts). Poor training, slipshod logistics, and inept leadership will prevent many of the soldiers in their charge from ever returning home. These officers have disgraced their profession and betrayed the people it's their duty to serve. May the Russian people have a reckoning with their officers as soon as possible. And may the civilized world have its own reckoning with Mr. Putin and his circle.