Ukraine at D+518: Ukraine attacks toward the Sea of Azov.
N2K logoJul 27, 2023

Ukraine's counteroffensive enters a new phase. Russian cyber operations continue to support strategic as opposed to tactical objectives.

Ukraine at D+518: Ukraine attacks toward the Sea of Azov.

Ukraine appears to have opened a significant new phase of its counteroffensive, which has been in progress for weeks, but which has developed slowly. The main attack is being made in the south, in the Zaporizhzhia Oblast, and the operational objective is the Sea of Azov. Reaching the sea would sever occupied Crimea from Russia proper. The attack represents a significant offensive; whether it's the inaugural phase of a new, major effort remains, the Washington Post writes, unclear; it could still represent a feint. President Putin acknowledged the new offensive in remarks offered on the side, during his summit with African leaders. “We confirm that hostilities have intensified and in a significant way," he said. He also claimed that the Ukrainian attack had already failed, but no one outside of Russian official circles seems to credit that. Ukrainian President Zelensky was, in a video address last night, optimistic without revealing many details. “Today our boys had very good results at the front. Good for them. Details will follow," the Telegraph quotes him as having said.

US officials have outlined three reasons their Ukrainian counterparts have offered for the new offensive. The New York Times reports three reasons anonymous Washington sources offer for the scale and timing of the present attack:

  • "Recent advances." Ukraine's counteroffensive has been in progress for seven weeks, in three principal zones of attack stretching for more than nine-hundred miles. The operations have been probing and preparatory, intended to develop weak points in Russian defenses and clear obstacles to follow-on attacks. Progress has been slow but steady, and may now have reached the point where a major offensive is a realistic possibility.
  • "Russian turmoil." Internal fissures within Russia's leadership afford an opportunity Ukraine can exploit on the battlefield. Disaffection between frontline mercenaries and regulars on the one hand and the Ministry of Defense on the other may have rendered Russian defenses uncertain and irresolute.
  • "Potential Russian vulnerabilities." These vulnerabilities have been induced by Ukrainian combat operations, notably artillery programs and diversionary operations. Russian lines of communications are at risk and Russian logistics have been disrupted even as frontline casualties have mounted. The Times quotes an anonymous "Western official" who said, yesterday, "The Russians are stretched. They are still experiencing problems with logistics, supply, personnel and weapons. They’re feeling the pressure.”

The British Ministry of Defence looks at tactical air operations in Zaporizhzhia. "As Ukrainian forces continue major offensive operations in Zaporizhzhia Oblast, one of the single most influential Russian weapon systems in the sector is the Ka-52 HOKUM attack helicopter. Russia has highly likely lost around forty Ka-52s since the invasion, but the type has also imposed a heavy cost on Ukraine. In recent months, Russia has highly likely augmented the force in the south with at least a small number of brand new, Ka-52M variants: a heavily modified aircraft, informed by lessons from Russia’s experience in Syria. Evidence supporting the M variant’s use in Ukraine includes photos posted on social media of aircrew posing next to the new aircraft and thanking well-wishers for sending them morale items. Another key improvement to the Ka-52 fleet is the integration of a new anti-tank missile, the LMUR, which has a range of approximately 15km. Ka-52 crews have been quick to exploit opportunities to launch these weapons beyond the range of Ukrainian air defences." 15 kilometers is outside the range of the shoulder-fired Ukrainian Stinger air defense missiles. It's within the range of larger systems, but those can find it difficult to engage targets at very low altitudes.

SiegedSec hits NATO sites.

BleepingComputer reports that NATO has confirmed it's investigating claims that the alliance's Communities of Interest (COI) Cooperation Portal has been compromised by the Russian hacktivist auxiliary SiegedSec. COI is a collaboration portal used for exchange of unclassified information. SiegedSec posted some 845MB of allegedly stolen files to a dump site. The group said, in its Telegram channel, "Do you like leaks? Us too! Do you like NATO? We don’t! And so, we present...a leak of hundreds of documents retrieved from NATO’s COI portal, intended only only for NATO countries and partners.”

Security firm Cloudsec has published the results of its own investigation, and they believe the compromise to have been accomplished with stolen credentials. "With low confidence and no direct proof, we assess that the credentials for the compromised user account may have likely been sourced from stealer logs." SiegedSec has been active since April of 2022 and claims to be animated by a zeal to expose NATO human rights abuses. This is a retaliation against the countries of NATO for their attacks on human rights," the group said on Telegram, adding "We hope this attack will get the message across to each country within NATO.” SiegedSec is not known to have engaged in financially motivated cybercrime (such as ransomware) and it says it's not involved in supporting Russia's war. The timing of the group's appearance and its target set render that claim implausible.

Rosa Smothers, former CIA Cyber Threat Analyst and current SVP of Cyber Operations at KnowBe4, commented that the group isn't obviously in it for the cash. "SiegedSec is not your typical ransomware group, they are not financially motivated. They're hacktivists who are more interested in stealing and leaking data to make a statement. Over the last few months there have been claims by multiple groups of NATO leaks but the screenshots they've provided look legitimate. Full names, photos and home addresses were included in the leaked data which poses a direct threat to those NATO personnel." She adds, in an understatement, "Interesting that they targeted NATO for what they claim are human rights abuses, yet there's no indication they've attacked the Russian government." Of course not--SiegedSec is a Russian auxiliary, not a disinterested human rights advocate.

The current state of Russian censorship.

As internal stress increases with continued indifferent-to-poor performance in its war against Ukraine, Russia has increased its domestic censorship. The New York Times puts that increase at "thirty-fold." The Times cites a report by the University of Toronto's Citizen Lab, which yesterday released a study of censorship of the social platform Vkontakte (which translates to "In contact;" the service is roughly speaking a Russophone analog to Facebook). Citizen Lab found that 94,942 videos, 1,569 community accounts, and 787 personal accounts had been blocked. Vkontakte's censorship runs mainly inside Russia. The censorship doesn't appear to extend to Vkontakte users in Canada or Ukraine. The blocking and takedowns are driven by content, and include media reports on Russia's war against Ukraine.