Ukraine at D+293: Kinetic conflict-in-place.
Dec 14, 2022

Stationary lines as Russia continues to dig in, and Ukraine knocks down more Russian drones over Kyiv.

The UK's Ministry of Defense this morning reviewed increasingly critical comments from nationalist Igor Girkin. "On 06 December 2022, Igor Girkin, a well-known Russian nationalist and former military intelligence officer, claimed he had spent two months embedded with a Donetsk People’s Republic battalion on the front line. He said his recent experiences had revealed a ‘crisis of strategic planning’ in Russia’s Ukraine operation. Since his deployment, Girkin has also derided the Russian military’s current emphasis upon constructing extensive, positional defensive works, questioning their utility in modern warfare." Fixed field fortifications are certainly no military panacea, but they do have their utility. One of their uses is to give exhausted, poorly trained, badly equipped, poorly motivated troops something to do that represents at least a simulacrum of tactical purpose. The MoD sees Mr. Girkin's outburst as representative of fissures (albeit from a fringe figure) within the Russian establishment. "His comments highlight the fraught debate about the conduct of the war which continues within Russia’s security community. Rumours circulating on social media within the last 48 hours suggesting that Russian Chief of the General Staff General Valery Gerasimov could have been fired cannot be verified. However, factional tensions likely extend to the top of Russia’s military hierarchy."

Industry comment on DolphinCape.

As we saw yesterday, the State Service for Special Communications and Information Protection of Ukraine warned of an ongoing phishing campaign, which according to the Record, has mostly targeted government agencies and the rail transportation sector. The phishing email spoofs communications from the State Emergency Service of Ukraine, and the lure is a how-to on spotting and coping with drone attacks. Joe Gallop, Cyber Threat Intelligence Manager at Cofense, draws attention to the details of lure design in a phishing campaign:

“Though there is no confirmation yet, it is likely that DolphinCape is a Russian operation, designed to interrupt Ukraine’s railway systems while Russia loses ground in the war. Phishing, as a threat vector, targets the habits, concerns, and interests of humans. Phishing attacks are common in Ukraine, accounting for about 70% of all cybercrimes. In the last year, the country has been hit with various phishing attacks from Russia, including one in April from the threat actor Armageddon that baited Ukrainian and Latvian government officials with information about the Ukraine-Russian war. The unfortunate irony in this particular attack is that the phishing emails included warnings on how to identify a kamikaze drone while unsuspecting Ukrainians remained unassuming about the real attack that was taking place. 

“Lure design is one of the critical components of a phishing email. Threat actors like to play the fear factor in commonplace phishing campaigns, drawing on fears raised by unpaid invoices, account security notices, IRS inquiries, termination notices, etc. In this campaign targeting Ukrainian government agencies, the threat actors took things a step further, getting more targeted and personal with military conflict fears. While CERT-UA hasn't indicated how successful this campaign was in compromising Ukrainian government employees, it's clear that very little is out of bounds for these threat actors. Users must not only be trained to recognize emails with suspicious topics and content but should have this training regularly enough to minimize emotional reactions when a real phishing email does come through.

“To prevent future phishing attacks, organizations need to prioritize knowing how to recognize phishing emails. Indicators that an email may be a phishing attempt include an improper tone or greeting, grammar or spelling errors and inconsistencies in email addresses, links and domain names. It is also essential that the necessary steps are taken to protect inboxes, detect threats, and respond to an attack. Adopting actionable intelligence that gives visibility into the risk factors in your network and immediately and decisively responds to phishing threats will help keep malicious actors at bay and ensure the protection of sensitive data.”

US indicts five Russian nationals on sanctions-evasion charges.

The US Department of Justice announced yesterday that five Russian nationals had been indicted in connection with violations of sanctions and export controls. Yevgeniy Grinin, Aleksey Ippolitov, Boris Livshits, Svetlana Skvortsova and Vadim Konoshchenok are charged with "conspiracy to defraud the United States as to the enforcement of export controls and economic sanctions; conspiracy to violate the Export Control Reform Act (ECRA); smuggling; and failure to comply with the Automated Export System relating to the transportation of electronics." The indictments are the result of work by Task Force KleptoCapture, an interagency group formed specifically to enforce sanctions and go after the corrupt oligarchs who are so often responsible for their violation. Four of those indicted remain at large, but one, Mr. Konoshchenok, whom Justice calls "a suspected officer with Russia’s Federal Security Service (FSB)," was arrested in Estonia last week and is awaiting extradition to the US.