Ukraine at D+168: Offensive cyber ops are difficult.
Aug 11, 2022

Russia is struggling to replace both personnel and matériel lost in its invasion of Ukraine. Ukraine demonstrates an ability to hit Russian rear areas (including, possibly, some staging areas in Belarus). KillMilk is talking large about hacking Lockheed Martin, but evidence is scanty. ESET offers a post mortem of Industroyer2.

The situation on the ground in Ukraine retains many of its depressingly familiar features. Ukrainian forces are said, by the Wall Street Journal, to be holding their ground in the Donbas, and Russian forces continue their record of brutal ineptitude, leveling towns and killing civilians.

The UK's Ministry of Defence (MoD) has been describing the challenges of filling the Russian army's depleted ranks with newly recruited personnel (and the AP has an account of how the authorities have been dragging prisons as part of their recruiting effort). This morning's situation report from the MoD turns to questions of matériel. Is Russia keeping up with losses of vehicles and equipment, especially given how important export of military systems has been to its economy? "Russia is highly unlikely to be capable of fulfilling some export orders for armoured fighting vehicles because of the exceptional demand for vehicles for Russia’s own forces in Ukraine, and the increasing effect of Western sanctions. Belarus has recently released details of a new domestically upgraded T-72B main battle tank (MBT). Belarus probably developed this alternative solution in place of an MBT modification programme previously contracted to Russian state-owned company UralVagonZavod." The MoD claims that poor combat performance has inflicted some reputational damage on Russia's arms industry. "Russia has long considered the defence industry to be one of its most important export successes. However, its military industrial capacity is now under significant strain, and the credibility of many of its weapon systems has been undermined by their association with Russian forces’ poor performance in the Ukraine war."

The personnel issues don't appear to have gone away. Leaked complaints obtained by Bellingcat and The Insider suggest, the Telegraph reports, that Russian soldiers deployed to Ukraine are increasingly disaffected from their leaders, and a common complaint is that they were committed to combat under false pretenses, in some cases not even told they were being deployed to Ukraine.

Ukraine strikes Russian air bases.

Ukraine claims to have destroyed nine Russian aircraft in a strike against the Saki air base in Russian-occupied Crimea, Military Times reports, but the damage may have been heavier than that: the Telegraph looks at satellite imagery, compares before with after pictures of Saki, and counts twenty aircraft destroyed in their revetments. How the strike was accomplished remains unclear, but the Washington Post, in an update, cites anonymous Ukrainian official sources to the effect that special forces played a central role in the attack. Whether the strike was sabotage, missile fire, or something else remains unknown, but one of the significant effects of Tuesday's operation is to demonstrate to Russia that its rear areas are vulnerable, and that its control of Crimea, seized from Ukraine in a 2014 invasion, is now in doubt, and will be contested.

For its part, Russia denies that there was any strike against Saki at all. Explosions in Saki's fuel or ammunition supplies (and they're not saying there were, you understand), those explosions (if they happened) were probably due to, as TASS put it, a "violation of fire safety requirements," which official Ukrainian wags characterize as blaming the explosion on a careless smoker. (To which one can only say, smoke 'em if you've got 'em, Ivan Illich.)

The Telegraph also reported that, early this morning, explosions were heard from the vicinity of the Belarusian Zyabrouka airfield, near the Ukrainian border. Zyabrouka has served as a major Russian base in Belarus. News about this incident, if it happened, is still developing.

KillMilk says his crew downed Lockheed Martin's website.

KillNet's founder, "KillMilk" by nom-de-hack, says his group took down Lockheed Martin's website, but the site looked fine to us early this morning. KillMilk also says they've obtained personal information on Lockheed Martin employees, which they may dump at some time of their choosing, but so far, as SiliconANGLE reports, citing Flashpoint researchers, there are no signs of such data having been published. Lockheed Martin told Newsweek that it's aware of the threat but "we remain confident in the integrity of our robust, multi-layered information systems and data security." The Russian threat actor singled out Lockheed Martin because it produces HIMARS.

Industroyer2, and what became of it.

A presentation ESET researchers delivered yesterday at Black Hat outlined what they saw of Russia's deployment of Industroyer2 against Ukraine during the present war. "Our analysis found that threat was bigger than expected," TechTarget quotes ESET's Robert Lipovsky as saying. "It was a new version of Industroyer, something which we hadn't seen in the last five years." Hard coding in the malware suggested to researchers that it had been prepared well in advance of its use, and thus was no wartime improvisation. Industroyer2 was specifically designed to disable circuit breaker protections.

The upgraded attack tool could have left about two million Ukrainians without electrical power, had it been successfully deployed, but as it was, the attempt was blocked. "The attack was thwarted thanks to a prompt response by the defenders at the targeted energy company, and the work of CERT-UA and our assistance," Lipovsky said. His colleague, Anton Cherepanov, told the conference that the attack was coordinated with a wiper attack (using CaddyWiper) intended to make recovery and remediation more difficult. Cherepanov also said that, while the threat was real, it shouldn't be exaggerated, either. "The threat shouldn't be hyped, but also should not be downplayed or underestimated," he remarked. "These threats are serious, but they can be thwarted by proper security measures." ESET noted that a number of private companies, not just ESET, have rendered valuable assistance to Ukraine during Russia's hybrid war.