Ukraine at D+531: Spyware attempt against tactical networks.
N2K logoAug 9, 2023

Long-range strikes, continued ground attacks, possible diversionary activities, and Black Sea combat mark Russia's war at midweek. Ukraine says it detected and stopped a spyware campaign against its tactical networks.

Ukraine at D+531: Spyware attempt against tactical networks.

Little changed overnight along the front. Ukraine claims "partial success" in the southern zone, and Russian failure to retake ground farther north.

The Institute for the Study of War reported yesterday that Ukrainian forces had crossed the Dnipro River in the Kherson Oblast, but the initial crossing was relatively small, and it was unclear whether it represented the establishment of a bridgehead or simply a raid. An explosion at a factory near Moscow injured forty-five, the Guardian reports, and while Russian sources put it down to an accident with pyrotechnics, the cause remains unknown.

The Black Sea as a war zone.

The New York Times discusses how the Black Sea has become a war zone. The sea is an important trade route for both belligerents, but especially for Russia.

The UK's Ministry of Defence describes the logistical challenges Russia now faces in the Black Sea. "On 4 August 2023, the Russian merchant tanker (MT) Sig was attacked and disabled near the Kerch Strait, apparently by an Uncrewed Surface Vessel (USV). This came a day after a similar attack on the Olenegorsky Gornyak landing ship, and two days after an apparently foiled attack on Russian patrol boats while they were likely escorting the Russian merchant vessel (MV) Sparta IV. Although civilian-flagged, MT Sig and MV Sparta IV have long been contracted to ship fuel and military supplies between Russia and Syria." The surface drone attacks are complicating the problems of supplying Russian forces operating abroad. "Since 28 February 2022, Russian military ships have not been able to pass through the Bosphorus, leaving Russian military forces in Syria and the Mediterranean heavily dependent upon Sig, Sparta IV, and a handful of other civilian vessels. The attacks show that USV operations are increasingly a major component of modern naval warfare and can be turned against the weakest links of Russia’s sea supply lanes."

Ukraine claims to have stopped a Russian cyberattack.

Reuters reports that the Security Service of Ukraine (SBU, also known by its translated acronym SSU) said yesterday that a Russian attempt to compromise the Ukrainian Armed Forces' combat information system had been detected and thwarted. According to the Record, the SBU identified the threat actor responsible as the GRU's Sandworm. The Ukrainian security agency says it stopped the Russian military operation in its planning phases. Sandworm's goal is thought to have been the compromise by spyware of Android devices used in Ukrainian tactical networks, but the SBU didn't reveal the specific systems the GRU had targeted. Ukrainska Pravda cites SBU sources as saying Sandworm was trying to work from Ukrainian tablets captured on the battlefield. Their intention was to use those devices to access Ukrainian networks and use that access to spread about a dozen spyware programs.

Report: Data breach at UK's Electoral Commission may represent a Russian attempt to disrupt British elections.

The Telegraph reports that the ransomware attack and attendant data breach at the UK's Electoral Commission may have been directed by Russian intelligence services and intended to disrupt British elections. While the incident was detected in October of 2022, the Electoral Commission only yesterday issued a public notification of the attack. Considerable personally identifying information was exposed, and, as is often the case with Russian operations, it will be difficult to distinguish conventional cybercrime from cyberespionage and state-directed influence operations.