Ukraine at D+397: Cyberespionage and battlespace preparation.
Mar 28, 2023

Russian attacks show little progress in either Bakhmut or Avdiivka. British and German tanks arrive in Ukraine. The cyber phase of Russia's hybrid war has shifted toward espionage, with disruptive attacks largely in the hands of hacktivist auxiliaries.

Ukraine's spring offensive may be closer. British Challenger and German Leopard tanks have now arrived in Ukraine.

Avdiivka seems to have become a second Bakhmut.

One difference is that the glory of victory in Avdiivka would go to the Russian regulars, and not the Wagner Group, which has trumpeted Bakhmut as its own fight. The Russian offensives against both cities seem at this point to have stalled, but both cities have been reduced to ruins.

The morning situation report from the UK's Ministry of Defence describes heavy Russian losses in armor around Avdiivka, and attendant morale problems in Russia's 3rd Army Corps. "In recent days, Russia has continued to prioritise an operation attempting to encircle the Donetsk Oblast town of Avdiivka. However, Russian forces have made only marginal progress at the cost of heavy losses in armoured vehicles. Russia’s 10th Tank Regiment has likely lost a large proportion of its tanks while attempting to surround Avdiivka from the south. The regiment is part of 3rd Army Corps, the first major new formation Russia stood up to support the invasion of Ukraine since August 2022. Numerous open-source accounts suggested that 3rd Army Corps has been particularly dogged by problems with ill-discipline and poor morale. Despite a likely period of training in Belarus, the formation still appears to display limited combat effectiveness. 10th Tank Regiment’s losses have likely largely been due to tactically flawed frontal assaults similar to those in other recent failed Russian armoured attacks, such as around the town of Vuhledar."

Unconfirmed reports of more Russian command shake-ups.

The Institute for the Study of War looked yesterday at how the rumored relief of Colonel General Rustam Muradov from command of the Eastern Group of Forces has been received by Russian "milbloggers," the generally pro-regime and pro-war observers who post their views online:

"Muradov took command of the Russian Eastern Military District (EMD) on October 6, 2022, and has overseen a series of disastrous offensive operations led by EMD elements in western Donetsk Oblast over the past five months. One milblogger claimed that Muradov is on 'vacation,' which the milblogger noted is tantamount to resignation. Others claimed that Muradov’s removal is a positive step but stated that Muradov’s replacement is more important than his removal. Some milbloggers noted that Muradov was responsible for significant Russian military failures in western Donetsk Oblast, including the high casualties suffered in the assault against Pavlivka in October-November 2022 and the prolonged and failed effort to take Vuhledar. Independent Russian investigative outlet Vazhnye Istorii (iStories), citing sources close to the Russian General Staff, reported that the Russian General Staff accused Muradov of being inept due to battlefield failures and significant losses in western Donetsk Oblast, including the near obliteration of the Tatarstan 'Alga' volunteer battalion. One prominent milblogger claimed that military authorities are also considering dismissing Western Military District Commander Colonel General Yevgeny Nikiforov, whose forces operate along the Kupyansk-Svatove-Kreminna line in eastern Ukraine."

The Institute for the Study of War reads the milbloggers' discussions as a symptom of "broader disillusionment with Russian military command." The need for overhaul, if not actual reform, has been a recurrent theme of the milbloggers over the course of Russia's war. In general they favor the identification and punishment of unsuccessful commanders as opposed to any systematic examination of Russian military failure that might argue for serious reforms in the way forces are manned, trained, equipped, and deployed.

On President Putin's Saturday nuclear saber-rattling, the milbloggers' response is described as "muted." They generally perceive the announcement of a planned deployment of tactical nuclear weapons as aimed at frightening Western audiences as opposed to gaining any tactical or operational advantage in the invasion of Ukraine.

Russian hacktivist auxiliaries target the French National Assembly.

NoName057(16), a Russian hacktivist auxiliary, claims to have conducted a distributed denial-of-service (DDoS) attack against a website belonging to France's National Assembly. Privacy Affairs reports that the site went down early yesterday morning and remained unavailable into the afternoon. The site is now back online.

Radware, in the course of an overview of hacktivism in Russia's war, offered this assessment of the group that's claimed responsibility: "NoName057(16) is a pro-Russian threat group known for launching defacement and DDoS attacks against Ukraine and those that directly or indirectly support Ukraine. The hacktivist group formed in March of 2022 on Telegram and became a notable threat group. While less media savvy than Killnet, it is considered one of the most active groups—and the most prominent threat to western organizations."

SSSCIP on recent trends in cyberattacks sustained by Ukraine.

The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) yesterday tweeted an appreciation of how Russian cyberattacks have progressed during Russia's war. Local government has eclipsed the defense industry as the second most targeted sector. "While central government remains a major target for russian #hackers, we also record a significant number of attacks on local-level authorities (second largest number of attacks). Security and defense sector used to be ranked second a year ago." SSSCIP adds, "Cert_UA is recording a certain drop in the number of #cyberattacks on the security and defense sector and a growing amount of incidents in the public sector, as well as attacks on software developers, Internet service providers, and commercial companies."

There's also been a shift toward espionage as opposed to disruption. "This year, we record an increased number of attacks aimed at #espionage with a focus on maintaining continued access to target organizations. Applications for data collection and remote access to user devices prevail among the #malware spread by russian #hackers. We see this as a clear sign that russia is gearing up for a long #war. Through their hackers, they try to get any information that might be useful for conventional #warfare against our country — from military draft data to #weapon logistics secrets." With that said, infrastructure remains a favored target set. This is consistent with both espionage and battlespace preparation. "Civil infrastructure remains a major target for russian #hackers."