Ukraine at D+588: Drone strikes and naval redeployment.
N2K logoOct 5, 2023

Russia tightens its control over its own information space as its control of the Black Sea is increasingly contested.

Ukraine at D+588: Drone strikes and naval redeployment.

Ukrainian drones struck a Russian S-400 air defense missile battery near Belgorod last night, the Telegraph reports, although with what results remains unclear. It's at least the third strike on S-400 batteries since August. Two S-400 units were destroyed in Crimea during August and September.

At least 49 people were killed by a Russian missile strike against a memorial service in the village of Hroza, near Kharkiv.

Russian naval units withdraw from Sevastopol.

The Institute for the Study of War (ISW) yesterday described the Black Sea Fleet's withdrawal from occupied Sevastopol. "The Russian military recently transferred several Black Sea Fleet (BSF) vessels from the port in occupied Sevastopol, Crimea to the port in Novorossiysk, Krasnodar Krai, likely in an effort to protect them from continued Ukrainian strikes on Russian assets in occupied Crimea. Satellite imagery published on October 1 and 3 shows that Russian forces transferred at least 10 vessels from Sevastopol to Novorossiysk. The satellite imagery reportedly shows that Russian forces recently moved the Admiral Makarov and Admiral Essen frigates, three diesel submarines, five landing ships, and several small missile ships. Satellite imagery taken on October 2 shows four Russian landing ships and one Kilo-class submarine remaining in Sevastopol. Satellite imagery from October 2 shows a Project 22160 patrol ship reportedly for the first time in the port of Feodosia in eastern Crimea, suggesting that Russian forces may be moving BSF elements away from Sevastopol to bases further in the Russian rear."

The Wall Street Journal counts three submarines, two frigates, and one patrol craft in the displacement to the Russian port of Novorossiysk. Other, smaller vessels, are moving to other Crimean ports. The Journal characterizes the move as a "painful" setback for Russia.

The repositioning seems to be an interim measure intended to increase the security of the Fleet's bases. Where are the ships headed, ultimately? Possibly, Reuters reports, to Abkhazia. The Russian state-run news service Izvestiya quotes Aslan Bzhania, "the self-styled president of Russian-backed Abkhazia," as saying he had concluded an agreement with the Kremlin for the establishment of a permanent base. "We have signed an agreement, and in the near future there will be a permanent base of the Russian Navy in the Ochamchira district. This is all aimed at increasing the level of defence capability of both Russia and Abkhazia, and this kind of interaction will continue." Abkhazia is a Georgian province Russia detached during a five-day war in 2008 and accorded recognition as an independent state. That status is largely unrecognized internationally. Abkhazia is in roughly the same situation as Transnistria and South Ossetia, also detached from independent states in the Near Abroad (from Moldova and Georgia, respectively), and recognized as independent by Russia but almost no one else.

To compensate for the withdrawal from Sevastopol, Russia is said, the Guardian reports, to be considering mining Ukrainian grain ports. The goal would be interdiction of food shipments, not destruction of warships.

Extensive civil defense exercises seem to be routine.

"In recent days, Russia has been conducting civil defence exercises across much of the country, based on a scenario of large-scale international armed conflict." While widespread, the exercises represent nothing new. This week's drills are like those held for more than ten years, the UK's Ministry of Defence reports. "These exercises have taken place annually since 2012 and coincide with Russian Civil Defence Day on 4 October. This year’s exercises are unlikely to have been dramatically changed or expanded. For generations, the USSR and then Russia has paid attention to domestic preparations for a major conflict. However, even with the ongoing war in Ukraine, it is unlikely Russia has significantly changed its posture of national preparedness in recent months." Thus they don't seem to have any particular significance for the current war against Ukraine.

Tightening control over the Russian information space.

The ISW also reported what it characterized as an intensification of "digital authoritarianism." The Russian Prosecutor General’s Office has asked that VKontakte block posts from relatives of mobilized servicemen that call for their return home. The Prosecutor General's request effectively has the force of law: dissemination of "unreliable information" about the special military operation is legally prohibited.

Russia's FSB on Tuesday proposed that the Duma expand the FSB's authority over personal and geolocation data. This authority would be in addition to earlier proposals to give the FSB complete access to user data handled by Russian internet, banking, and telecom companies. The model appears to be China. There's even a project underway in which "the Russian State Social University is developing and testing a social rating system for Russians based on the Chinese model and that the intended generated social scores will link to personal data that government entities and banks will have access to."

KillNet affiliate Anonymous Sudan interferes with streaming services.

Distributed denial-of-service (DDoS) attacks remain the characteristic technique of Russian hacktivist auxiliaries. Most recently Anonymous Sudan, a KillNet affiliate, interrupted Netflix service in a number of countries, nominally for the purpose of blocking LGBTQ+ content, but probably in fact simply because the disruption would attract attention. Richard Wallace, Cyber Threat Intelligence Analyst at Vercara explained, “In addition to targeting Netflix, Anonymous Sudan also claimed responsibility for attacks on Hulu on the same day (29SEP23). Anonymous Sudan has become Killnet’s main DDoS subgroup while the main Killnet organization transitioned to more of an administrative and propaganda role. Earlier this year, Anonymous Sudan made a threat to attack any and all US based organizations in response to the ongoing military and financial aid to Ukraine. This is not the first time Vercara has observed the Killnet collective targeting sites they deem immoral: in the past, they have targeted OnlyFans as well as dark-web sites selling illegal drugs. Anonymous Sudan will use any excuse to legitimize their DDoS attacks against Western and European countries in order to gain free publicity, continue recruitment, and solicit funding to further their operations.”

Improving cyber resilience, with private-sector support.

Distributed denial-of-service has been the typical mode of Russian cyberattack after the wiper incidents of the war's first weeks, with cyberespionage predominating since the end of 2022. Viktor Zhora, Deputy Chairman of the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, described in a conversation with Akamai how the threat has evolved, and the contribution corporations have made to Ukrainian cyber defenses. Zhora describes how its services have been used by Ukraine to offer a degree of protection.

A report from SSSCIP disclosed that in the first half of 2023 CERT-UA's investigations have doubled. Russian cyberespionage has paid particular attention to "the civic and law-enforcement sector," with a focus on immediate data theft. The media sector has also been "under constant attack," with the energy sector also receiving Russian attention. For all the activity, improved resilience seems to have succeeded in reducing the effects of the attacks, with a 48% reduction in the "rate of cases with impact."

Deputy Chairman Zhora said, “The challenges became more and more hostile with the beginning of the war and this resulted for us in searching for cloud solutions that were capable of dealing with these volumes of traffic. And together with Akamai and other companies, we were able to build reliable solutions that continue to protect critical web resources of Ukrainian government.”