Ukraine at D+203: Consolidation and counteroffensive.
Sep 15, 2022

Ukraine consolidates its hold on liberated territory as its counteroffensive continues. Russia seeks diplomatic support from China, but observers think such support unlikely to result in the military assistance Russia wants and needs. Nuisance-level deniable hacktivism continues in the Russian interest, and Primitive Bear is back and phishing for espionage marks.

Ukraine continues its counteroffensive, and consolidates gains in the Kharkiv Oblast. President Zelenskyy attended a flag-raising ceremony in Izium yesterday, for example, to mark that city's liberation, the AP reports. Russia's retreats continue, and its forces retaliate with missile strikes against civilian targets. Such attacks can be launched at long ranges from relatively static positions, and thus are less affected by two of the glaring weaknesses the war has revealed in the Russian army: inability to maneuver and poor aptitude for close combat. The Telegraph reports that the most recent strikes, yesterday, targeted a dam over the Inhulets River with a view to flooding the city of Kryvyi Rih. This is a large industrial town of negligible immediate military value, but it is President Zelenskyy's home town, which is probably enough to put it on the Russian target list.

In its morning situation reports, the UK's Ministry of Defence looks at the Russian retreat from the Kharkiv Oblast and sees mixed evidence of unit discipline and cohesion. "Ukrainian forces continue to consolidate their control of newly liberated areas of Kharkiv Oblast. Russian forces have largely withdrawn from the area west of the Oskil River. The way in which Russian forces have withdrawn in the last week has varied. Some units retreated in relatively good order and under control, while others fled in apparent panic. High-value equipment abandoned by retreating Russian forces included capabilities essential to enable Russia’s artillery-centric style of warfare. Amongst these are at least one ZOOPARK counter-battery radar and at least one IV14 artillery command and control vehicle. Such abandonment highlights the disorganised retreat of some Russian units and likely localised breakdowns in command and control."

Diplomacy: Russia seeks support from China as Germany calls for a Russian withdrawal.

Russia seeks support from China for its war, as Presidents Putin and Xi hold a summit meeting in Uzbekistan. The AP reports that Mr. Putin thanked China for what he characterized as its "balanced" attitude toward his war, but it's thought unlikely, according to the Telegraph, that Beijing will deliver much if any of the immediate and tangible military assistance Russia requires.

Al Jazeera reports German Chancellor Scholz's take on his recent, ninety-minute phone call with President Putin during which he urged the Russian leader to pull his forces out of Ukraine, respect that country's territorial integrity, and seek a diplomatic solution. But what Mr. Scholz was selling, Mr. Putin wasn't buying. “Sadly, I cannot tell you that the impression has grown that it was a mistake to begin this war,” the Chancellor told reporters. “And there was no indication that new attitudes are emerging.” Chancellor Scholz was particularly concerned, according to POLITICO, with Russia renouncing plans for annexation of Ukrainian territory. An official German statement said, “The chancellor stressed that any further Russian annexation moves would not go unanswered and would not be recognized under any circumstances,” but again, Mr. Putin wasn't buying.

Nuisance-level DDoS and cyberespionage continue to mark Russia's cyber campaign in the hybrid war.

Killnet, the nominally hacktivist outfit that works for Russian intelligence services, recently counted coup against Japan, another country Moscow views as unfriendly. The group claimed last week to be responsible for distributed denial-of-service attacks against some Japanese government websites, Asia News Network reports. The attacks had only minor effect on their targets.

This morning researchers with Cisco's Talos Group reported that Gamaredon, that is, Primitive Bear, has continued its efforts to compromise Ukrainian institutions in a long-running cyberespionage campaign. The technique is phishing, and the phishbait is news about the war. "Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infection chain. The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint."

As sanctions continue to bite, there's a real possibility that Russian cyber operators will turn to industrial espionage, the Record says, as they attempt to regain access to technology now denied them. In this they would appear to be following the North Korean model, where making money for the state has long been a central goal of offensive cyber operations.