Ukraine at D+537: Direct attacks on civilian targets, and realistic prospects for cyber ops.
N2K logoAug 15, 2023

Russian long-range strikes continue to hit civilian targets as Ukraine makes "incremental" progress on the battlefield. Realistic expectations of cyberwar look more like DDoS than they do Pearl Harbor.

Ukraine at D+537: Direct attacks on civilian targets, and realistic prospects for cyber ops.

As the week opened Ukrainian forces continued to make progress along an axis of advance roughly corresponding to the border between Donetsk and Zaporizhia, with the Azov coast representing the operational objective. The Institute for the Study of War reports that a shortage of operational reserves may be rendering "Russian defensive lines...brittle." Russian authorities in occupied Crimea are increasing penalties and tightening enforcement of laws designed to prevent citizens from providing combat information, including Russian unit locations, to Ukrainian forces. And, of course, Russian missile strikes against cities and towns, especially in Odesa and its environs, continue.

The Telegraph reports a shift in Russian targeting: accommodations used by journalists and aid workers now seem to figure as programs in missile strikes. The strikes have also moved to targets in western Ukraine, with Lviv hit particularly hard (and with civilian casualties.) Odesa remains a target, with drones hitting, the Guardian quotes local authorities as saying, "a residential building, a supermarket and a dormitory of an educational facility."

The "incremental advances" Ukraine has made during its counteroffensive prompt Western speculation that the decisive battle may well be fought next spring.

A domestic purpose in Russia's war.

The UK's Ministry of Defence this morning looked at the record of another semi-regular formation serving with the Russian Army: the Chechen Vostok Akhmat Battalion. "In an online post on 10 August 2023, Chechen leader Ramzan Kadyrov acknowledged the efforts of the Chechen Vostok Akhmat Battalion in the heavily contested Orhikiv sector in Zaporizhzhia Oblast. Kadyrov’s comments highlighted the continuing role of one of the premier Chechen units in this key area. Vostok officially comes under the command of the Southern Military District’s 42nd Motor Rifle Division which has been active around the village of Robotyne. Chechen forces comprise a relatively small but high-profile component of Russian forces in Ukraine. Kadyrov likely heavily promotes his units’ roles partially to burnish his credentials as a Putin loyalist."

Wartime stress on Russia's economy.

The ruble yesterday fell to its lowest level since the onset of the war last year, dropping in value to less than one US cent, the Wall Street Journal reports. The Journal attributes the drop in value to growing financial anxiety since the Wagnerite mutiny and to fissures in Kremlin leadership. “'The main source of ruble depreciation and inflation acceleration is loose monetary policy,' Maxim Oreshkin, President Vladimir Putin’s top economic adviser, wrote in comments carried by Russian state newswire TASS Monday. 'It is in the interests of the Russian economy to have a strong ruble,' he wrote." The central bank raised interest rates last month in an attempt to restrain war-driven inflation, but the circles around Mr. Putin regard the rate hike as a half measure. The New York Times reports that this week the central bank raised the rate by a further 3.5%. It's not clear that this will either control wartime inflation or reverse the decline of the ruble relative to foreign currencies.

A closer look at NoName057(16).

Radware researchers offered an unusually close look at the Russian hacktivist auxiliary NoName057(16). They presented their results at Black Hat, and also shared them with Cybernews, which has an extensive account of the study. They gained their insights by infiltrating the group. "So in the name of research," Cybernews writes, "the two security experts created a fake profile, joined the over 11K other volunteers following the group’s DDoSia Telegram channel, and downloaded detailed instructions on how to participate in the experimental 'gamification' challenge."

They see NoName ascending as its colleagues in Killnet and Anonymous Sudan decline: NoName is now by a considerable measure more active than other Russian hacktivist auxiliaries. NoName runs a platform, "DDoSia," which, as its name implies affords a way of crowdsourcing distributed denial-of-service (DDoS) attacks against targets in Ukraine and countries that support Ukraine (that latter category of targets is an expansive one, roughly coextensive with the civilized world). The researchers put the tally of attacks in the first half of 2023 at one thousand seventy four. Thirty-two different nations were hit in only one-hundred-seventy-six days.

The motivations of the hacktivists participating in DDoSia are mixed. They're driven in part by Russian patriotic zeal, but also in part by the promise of payment. NoName promises hundreds, sometimes thousands, of dollars in alt-coin to participants who earn it, but it's unclear how large the payouts have been. (There are suggestions that the pay amounts to not much more than beer money. That's enough to incentivize a slacktivist, but no one's getting rich on it.) The payment system isn't well constructed. The Radware researchers found that it was relatively easy to manipulate in ways that pulled in cryptocurrency a participant wouldn't otherwise be entitled to.

NoName is best known for nuisance-level attacks against vulnerable targets of opportunity, but Radware sees signs of that changing, as the auxiliary looks to higher value, higher payoff targets in critical infrastructure sectors. The researchers also don't see NoName and other hacktivist auxiliaries standing down when Russia's war eventually ends. They'll probably form an enduring feature of the threat landscape.

Perspective on cyberwar: Pearl Harbor it's not.

One of the striking features of Russian cyberwar during its invasion of Ukraine has been its surprising, to many, lack of decisive effect. Mieke Eoyang, US deputy assistant secretary of defense for cyber policy addressed the mismatch between expectation and reality during a presentation at DefCon. The cyber threat, she argued, is real, just not decisive in the way popular imagination expected it to be. She doesn't put it this way, but it's probably better to analogize cyber operations to espionage, reconnaissance, surveillance, and electronic warfare (and in fact it forms a species of all these) than to massive kinetic strikes. Policymakers often ask, Eoyang said, “Can you just give me a cyber option?” This, however, is tougher than it seems. “'It takes time and preparation, it takes understanding, it takes engineering, it takes coding' to design a cyberattack, she said. 'It’s not what I think a lot of people expect.'”