Ukraine at D+343: Preparing for an attack on the war's anniversary.
Feb 2, 2023

Ukraine expects a major Russian offensive to mark the war's first anniversary later this month.

February 24th will mark the first anniversary of Russia's invasion of Ukraine, and the start of a war that most observers expected to be over in a matter of days. Ukraine's Defense Minister, Oleksii Reznikov, said that Russia's partial mobilization had enabled it to stage some 500,000 troops near the front, and that Ukrainian intelligence estimates regard a major Russian offensive on the anniversary of the invasion as likely. French outlet BFMTV quotes Reznikov on Russian intentions: “We think, given that they live in symbolism, they will try something around February 24.”

Russian arms sales grow less attractive to prospective customers.

The UK's Ministry of Defence sees problems with Russia's arms industry. The war against Ukraine has affected its place in international markets, and not for the better. "Russia’s role as a reliable arms exporter is highly likely being undermined by its invasion of Ukraine and international sanctions. Even before the invasion, Russia’s share of the international arms market was declining. Now, when faced with conflicting demands, Russia will almost certainly prioritise deploying newly produced weapons with its own forces in Ukraine over supplying export partners. A shortage of components is likely affecting the production of equipment for export, such as armoured vehicles, attack helicopters, and air defence systems. In addition, Russia’s ability to sustain support services for existing export contracts, such as providing spare parts and maintenance, is likely to be seriously disrupted for at least the next three to five years." The combat performance of Russian systems has also not enhanced their international reputation.

Gamaredon update: the APT is more interested in collection than destruction.

Russian deployment of wiper malware in the latter part of January has drawn a great deal of attention, and it was certainly a significant development, but a report by Ukraine's State Cyber Protection Centre of the State Service of Special Communication and Information Protection notes that Gamaredon's recent activity has had a more traditional objective: "Analyzing the actions performed on the infected host after gaining the opportunity to execute PowerShell commands, we can conclude that adversaries are focused more on espionage/infostealing rather than system destroying activity." Gamaredon, also known as Primitive Bear, or, in Ukraine's taxonomy, UAC-0010, is generally associated with Russia's FSB.

Recovering from gangland's cyberattacks.

KillNet's recent wave of distributed denial-of-service (DDoS) attacks against US hospitals seems to have ebbed, as may be seen in the case of ChristianaCare, whose website has returned to normal.

Other Russian criminal organizations, notably LockBit, continue to infest targets in the West. The Telegraph reports that LockBit has deployed ransomware against the Ion Group, a provider of software to financial traders. The Telegraph says the incident, which began Tuesday, has thrown the City into "chaos," and Ion placed the number of clients affected at forty-two. According to Bloomberg, the US Treasury Department is more phlegmatic, saying yesterday that the attack poses no “systemic risk to the financial sector.”

The two gangs present an interesting contrast. KillNet has from its inception positioned itself as a patriotic hacktivist group working in the Russian interest, and it's behaved accordingly. LockBit, on the other hand, while Russophone and based in Russia, declared its neutrality at the outset of the war against Ukraine. They are, the gang says, "apolitical" criminals. Nonetheless, LockBit attacks targets outside of Russia, and for the most part in countries Russia regards as hostile. It also seems to have inherited some of the code and personnel Conti left behind when it retired its brand, and Conti made no mystery about its own sympathies--it was solidly in the Russian camp. It's probably best to make a distinction. KillNet is an auxiliary of the Russian organs. LockBit is a tolerated privateer, permitted to operate as long as its crimes are consistent with Russian interests.