Ukraine at D+656: Russia and Ukraine exchange cyberattacks.
the cyberwire logoDec 12, 2023

Russia and Ukraine exchange cyberattacks, the former against a mobile and Internet provider, the latter against Moscow's taxman.

Ukraine at D+656: Russia and Ukraine exchange cyberattacks.

Ongoing missile strikes represent a long-term infrastructure program by Russian forces.

The Russian Central Election Commission has announced that it will hold voting for the 2024 re-election of President Putin in its illegally occupied Ukrainian territories. "Russia will likely use the March 2024 presidential election to further establish a veneer of legitimacy for its occupation of Ukraine as it has done during the illegal 2022 annexation referenda and the 2023 regional elections," the Institute for the Study of War wrote in its assessment. "The CEC will likely use these differing procedures to falsify votes in Putin’s favor and claim a high voter turnout while falsely portraying occupied Ukraine’s participation in the election as legitimate to the international community."

Night operations are a problem for Russia's army.

The UK's Ministry of Defence (MoD) this morning called attention to a generally overlooked shortfall in Russian capabilities: night fighting. "Russian forces highly likely continue to struggle when fighting at night. Numerous reports from combatants have highlighted this trend since the start of the war," the MoD wrote. "in late November 2023, a social media user claiming to be a Russian soldier serving in Kherson highlighted the shortage of night vision goggles (NVGs) and low-light cameras for uncrewed aerial vehicles. NVGs have frequently featured high in the lists of equipment Russian units request from their families and supporters. Ukrainian forces have often been equipped with night vision devices from international partners." More important than equipment shortages, however, is a training shortfall. "There is also likely a cultural element to Russia’s problem: Russian military training has rarely emphasised night exercises, instead typically building towards set-piece, daylight events to impress visiting senior officers. In contrast, the Russian soldier claimed Ukrainian forces 'move mostly at night.'" Thus the Russian army has disregarded Suvurov's maxim, "Hard on the parade ground; easy on the battlefield." The emphasis on training theater is more Potemkin than Suvurov.

Large eyes, but the stomach? Maybe not so much.

Having lost control of the Black Sea, the Russian Navy nonetheless intends to extend its reach across the world's oceans, hoping thereby to enhance its international influence. President Putin enunciated this implausible vision for what is arguably close to becoming a fleet-in-non-being during remarks delivered at the commissioning of two submarines at Severodvinsk: the cruise missile carrier Krasnoyarsk (a Yasen-M class submarine) and the intercontinental ballistic missile carrier Emperor Alexander III (a Borei-A Class submarine). Both warships will be assigned to the Pacific Fleet. He also intends to strengthen the Northern and Black Sea Fleets. The Pacific Fleet is intended to menace mainly Japan; the Northern Fleet to threaten Finland. Both countries' offense is their support for Ukraine. (A note on naval tradition: the most distinguished Russian admiral, John Paul Jones, worked under contract for the Tsarina Catherine the Great. He reposes in his tomb in Annapolis, Maryland. No comparable successor has yet appeared.)

Kyivstar sustains disruptive cyberattack.

Ukraine's largest mobile service provider, Kyivstar, yesterday sustained a cyberattack that disrupted telephone service and Internet access across much of its network. Ukrainian authorities are investigating, and, the Kyiv Post reports, quoting the SBU: "The Security Service of Ukraine (SBU) has opened criminal proceedings into a cyber attack on one of the national mobile operators, Kyivstar. One of the versions currently being investigated is that the special services of the Russian Federation may be behind this hacker attack.” According to Reuters, Kyivstar was unambiguous in attributing the incident to Russia.

Approximately 24 million customers' mobile service was affected, as were more than a million customers' home Internet connectivity. Although Kyivstar says their data weren't compromised, the company did say that two customer databases had been "damaged," and were now "locked." One noteworthy effect of the attack was a minor but significant impact on infrastructure: streetlights in Lviv had to be turned off manually. Their remote controls ride on Kyivstar's network.

Ukraine's GUR claims to have successfully attacked Russia's tax service.

Ukraine's military intelligence service, the GUR, claims to have conducted a disabling cyberattack against Russia's tax service. Interfax quotes the GUR: "During the special operation, military intelligence officers managed to penetrate into one of the well-protected key central servers of the Federal Tax Service (FTS of the Russian Federation), and then into more than 2,300 of its regional servers throughout Russia, as well as on the territory of the temporarily occupied Crimea. As a result of the cyberattack, all servers received malicious software." An IT company that provides support to financial services was also hit. The GUR added, "As a result of two cyberattacks, the configuration files that have been ensuring the functioning of the extensive tax system of the Russian Federation for years have been completely eliminated – the entire database and its backup copies have been destroyed. Communication between the central office in Moscow and 2,300 Russian territorial administrations is paralyzed, as well as between the Federal Tax Service of the Russian Federation and Office.ed-it.ru which was a data center (data bank) for the tax service."