Ukraine at D+657: Complementary strikes against infrastructure.
the cyberwire logoDec 13, 2023

Russia continues to accept high casualties as hopes in Moscow grow that Western support for Ukraine will fade.

Ukraine at D+657: Complementary strikes against infrastructure.

Both sides made marginal advances yesterday, Russia around Avdiivka, Ukraine in the Kherson Oblast, but neither achieved a breakthrough. 

A costly war of attrition aims to outlast Western support for Ukraine.

"US intelligence reportedly assessed that Russian offensive operations in eastern Ukraine in fall 2023 and through the upcoming winter aim to weaken Western support for Ukraine instead of achieving any immediate operational objectives," the Institute for the Study of War reports. "US National Security Council Spokesperson Andrienne Watson reportedly stated that Russian forces have suffered more than 13,000 casualties and lost 220 combat vehicles along the Avdiivka-Novopavlivka axis (Avdiivka direction through western Donetsk Oblast) since launching offensive operations in October 2023. Watson added that Russia appears to believe that a military 'deadlock' through the winter will drain Western support for Ukraine and give Russian forces the advantage despite high Russian losses and persistent Russian shortages of trained personnel, munitions, and equipment."

The US Intelligence Community also adds its confirmation to other assessments that Russian forces have sustained casualties at a very high rate. "The declassified intelligence assessment reportedly stated that Russian forces have lost 87 percent of the total number of their pre-war active-duty ground troops and two-thirds of the tanks in their inventory before February 24, 2022. The declassified intelligence assessment reportedly stated that Russian forces lost 315,000 personnel out of the 360,000 personnel, 2,200 out of 3,500 tanks, and 4,400 out of 13,600 infantry fighting vehicles and armored personnel carriers that participated in the full-scale invasion of Ukraine. The assessment reportedly stated that Russian ground forces have lost over a quarter of their pre-invasion stockpiles of military equipment as of late November 2023, reducing the complexity and scale of Russian offensive operations in Ukraine."

Kinetic attacks against Ukrainian infrastructure.

Russia has embarked on a strong counter-infrastructure program, combining kinetic bombardment with cyberattacks against Ukraine's largest ISP. The goal is to outlast international support for Ukraine, as Moscow counts on softening Western aid to Kyiv. A ballistic missile strike against Kyiv overnight killed more than fifty people, the AP reports.

The UK's Ministry of Defence (MoD) describes the latest Russian drone tactics. "On 12 December 2023, Russia launched at least 15 Shahed One Way Attack Uncrewed Aerial Vehicles (OWA-UAV) from the Balaklava district of Crimea. This is a new OWA-UAV launch site to the south of Sevastopol. On 5 December, Russian officials claimed to have intercepted 41 Ukrainian UAV attacks on Russian military infrastructure in Crimea including in the vicinity of Cape Chauda. Cape Chauda, south east Crimea, is a known Shahed launch site used by the Russians since early September 2023. Balaklava is now the fifth confirmed OWA UAV launch site being used in Russian operations against Ukraine alongside the sites at Cape Chauda, Yeysk, Primorsko, and Kursk. Russia is highly likely dispersing its OWA UAV launch capabilities across several locations as both a force protection measure and to complicate Ukrainian air defence efforts. Russia will likely use additional launch sites in response to Ukrainian attacks, forcing Ukraine to adapt to new transit corridors of these systems."

Update: Russian cyberattacks against Ukraine's largest ISP.

Kvivstar, Ukraine's largest mobile service provider and ISP, has said that it's gradually restoring service in the aftermath of what Reuters calls "the biggest cyberattack of the war." Cell service has been affected, as have online financial services and various sections of Internet-connected infrastructure, like air raid sirens and public street lighting. Investigation continues, but the Russian hacktivist auxiliary KillNet (now under new management after Killmilk's retirement) was quick to claim credit for the operation. The Wall Street Journal notes that most informed observers regard KillNet's claim with skepticism. Ukraine's SSU continues to investigate, but strongly suspects the obvious: the cyberattack was probably the work of Russian intelligence services.

Yossi Rachman, Director of Security Research at Semperis, shared some comments on the attack and its implications:

"Since Russia invaded Ukraine last year, cybersecurity experts have been asking when a massive cyberattack against Ukraine would take place and could the results top the devastation caused by the WannaCry and NotPetya attacks from years ago?  

"And while yesterday’s widescale cyberattack by Russian operatives against Ukraine that knocked out mobile and internet services to millions of Ukrainians could be the first of a wave of attacks in the days ahead, only time will tell. And it is too early to tell how much damage these attacks have caused. Overall, no one should be surprised Russia attacked Ukrainian critical infrastructure, such as mobile phone carriers and internet services because that is how you cause the biggest disruptions and sow fear amongst the citizens – even more so with the disruption of the air raid alert system around Kyiv. While purely speculation at this point, it is more than ironic that the massive cyberattack was launched on the same day that Ukrainian President Zelensky met with high-ranking U.S. officials hoping to secure additional aid to support his country’s war effort.  

"Is this new attack the start of an escalation by Russia against other nations that support Ukraine? While too early to tell, it is unlikely Putin’s operatives will launch any widescale attacks in the U.S., but it would not surprise me to see activity in Europe. Let’s see how this plays out.  

"This brazen Russian cyberattack is a perfect moment in time for all critical infrastructure operators to prepare as much as possible for business disruptions. And while no security resiliency plan is full proof against an adaptive opponent such as Russia, it is crucial to have resiliency and recovery plans in place making sure they are ready-to-go and that security operation centers around the world stay on high alert. Because it is not a matter of if, but when other critical infrastructure operators will be under attack."

Update: Ukrainian cyberattacks on the Russian Federal Tax Service.

The Ukrainian Main Military Intelligence Directorate (GUR) released more details on its cyberattack against the Russian Federal Tax Service (FTS). "During the special operation," the GUR writes on its public website, "military intelligence officers managed to break into one of the well-protected key central servers of the federal taxation service (fts of the russian federation), and then into more than 2,300 of its regional servers throughout russia, as well as on the territory of temporarily occupied Crimea." (The lowercasing of "russia" and acronyms associated with the Russian government has become a standard gesture of contempt in Ukrainian official communications.) The GUR claims four days of disruption so far and predicts that it will take at least a month for the FTS to restore service.

According to RIA Novosti, the FTS says the whole thing never happened, and that all services are up and running normally. Some services, like the FTS's main, informational site, are indeed still accessible, but as Meduza points out the FTS has also quietly warned, in a Telegram channel, that users may experience some difficulties.

Iran's parliament approves closer information security cooperation with Russia.

Iran International reports that the Iranian Parliament has ratified an information security agreement with Russia. "Comprising nine articles, the bill focuses on combating cyber threats, fortifying information security measures, and fostering collaboration between Iran and Russia. A notable clause in the legislation addresses the exchange of information and cooperation in prosecuting criminal offenses between the two nations."