Ukraine at D+189: The third day of Ukraine's counteroffensive.
N2K logoSep 1, 2022

Ukraine claims to have made slow but significant progress in its counteroffensive around Kherson. Isolation of the battlefield continues, with rocket strikes against bridges and airstrikes against Russian air defense radars. Russia continues to look for a solution to its manpower shortages. And the cyberattack against Montenegro is now known to be a ransomware campaign.

Ukraine at D+189: The third day of Ukraine's counteroffensive.

Close combat and isolation of the battlefield.

Ukrainian officials claim to have made some progress in the Kherson Oblast during their ongoing counteroffensive. The Telegraph reports that, "Yuriy Sobolevskyi, the deputy head of Kherson's regional council, said Ukrainian troops had enjoyed successes in Kherson, Beryslav and Kakhovka districts, but refused to elaborate. 'Now is the time to support our armed forces... Now is not the time to talk about the specific successes of our lads,' he said."

The UK's Ministry of Defence (MoD) this morning discussed the long-range strikes that have accompanied Ukrainian forces' counteroffensive. "Over 30-31 August 2022, Ukrainian Armed Forces continued offensive operations in southern Ukraine, supported by intensive long-range strikes against Russian command and logistics locations across the occupied zone." Those strikes appear to be enabled by anti-radiation missiles, that is, missiles that detect and hit radar systems. "Ukraine’s Ministry of Defence also released video footage of Ukrainian aircraft operating high speed anti-radiation missiles (HARMs). Russia has previously claimed that it has recovered fragments of these types of weapons, which are designed to locate and destroy radars. Russia prioritises strong ground-based air defences - the radar coverage which enables this is a critical capability in its Ukraine operation. A substantial, sustained degradation of Russia’s radars with HARMs would be a major set-back to Russia’s already troubled situational awareness." HARMs are a central component of a suppression of enemy air defense program, which is what Ukraine appears to be conducting.

Reactor shut down under shellfire as IAEA inspectors arrive.

Energoatom, the Ukrainian nuclear power utility, said that one of the two reactors at the Zaporizhzhia plant has been shut down due to Russian shelling. Reuters quotes the company's statement, "As a result of another mortar shelling by Russian ... forces at the site of the Zaporizhzhia nuclear power plant, the emergency protection was activated and the operational fifth power unit was shut down." Some power lines and backup diesel generators have also been damaged.

The Guardian reports that, despite continued shelling, UN inspectors from the International Atomic Energy Agency (IAEA) have arrived at the Zaporizhzhia facility, which they will assess for safety and security.

Russian manpower shortages.

Reuters quotes US Defense sources who see Russia as struggling to maintain the end strength of its army. Russian manpower shortages, exacerbated by very heavy losses in the early months of its invasion of Ukraine, continue to have an operational impact. Some Ukrainian accounts have called Russian defenses around Kherson "thin," and Russian authorities have been working to reconstitute depleted units. Recruiters have sought to offer increased incentives to volunteers, and the contract mercenaries of the Wagner Group, increasingly deployed to the front, have been recruiting heavily in Russian prisons, where robbers and murderers have been particularly sought out (and offered remission of their crimes in exchange for combat service).

A mystery in all of this is why the Kremlin hasn't simply moved to full conscription. Commentators have cited Russian laws that prevent deployment of draftees abroad in the absence of a formal declaration of war, something that Russia, with its references to the war against Ukraine as a "special military operation," has studiously avoided. Still, the mystery persists: a concern for formal legality has never been a characteristic feature of Russian regimes. The New York Times cites expert opinion to the effect that President Putin has opted to preserve "domestic stability" rather than institute general conscription. It's thought that a draft appropriate to full wartime mobilization would be deeply unpopular. "That need to preserve a sense of domestic stability reflects the limits of Mr. Putin’s power and, some analysts say, the superficial nature of support for the war in Russia. It has also caused tensions among his supporters to break into the open, with some accusing the Kremlin of keeping much-needed reinforcements from reaching the battlefield in order to preserve the oblivious contentment of the urban middle class." Thus Russian recruiting will continue much as it has, until Moscow runs out of young men no one cares about.

The state of discipline in the Russian army is also questionable. The Telegraph describes a lethal, alcohol-fueled shoot out in occupied Kherson between army and FSB troops. All armies have disciplinary problems (and the bigger the army, the more the problems) but Russian forces seem to have a disproportionately large number of them.

Attack on Montenegro determined to be ransomware.

Montenegro, which continues to work to recover government systems from a cyberattack it's blamed on Russia, have now, Reuters reports, called the incident ransomware. The country's Public Administration Minister, Maras Dukaj, said that no ransom demand had yet been received, but that some stolen data had been spotted online. Dukaj said, "We have already got an official confirmation, it can also be found on the dark web where the documents that were hacked from our system's computers will be published." Thus the attack, which has substantially disrupted public services in the Balkan country, seems to be a double-extortion attack.

The gang that's claimed responsibility is the Cuba ransomware group, according to ITPro. Cuba is a Russophone operation that has nothing to do with Havana. The FBI described Cuba in December of last year. In April of this year security firm Profero linked Cuba to Russia, with their attribution based largely on linguistic cues. In June Trend Micro researchers reported a surge in Cuba's activity, along with the gang's deployment of some new tools. It seems likely that the operation against Montenegro represents Russian privateering; in any case the government in Podgorica hasn't backed away from its announced conclusion that the campaign represents Russian retaliation for Montenegro's support for Ukraine. CyberNews has published a screenshot of Cuba's claim-of-hack, and briefly describes the circumstantial case for linking the gang to Russia.

The disruptions to public services in Montenegro have been serious enough for the US embassy to issue, TechCrunch reports, an unusual warning to US citizens, advising them that the “persistent and ongoing” cyberattack "may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors.” US citizens are advised to limit their travel, review their personal security plans, and stay aware of their surroundings.

The AP reports that the US Federal Bureau of Investigation (FBI) has dispatched a response team to Montenegro to assist the Ministry of Justice with its investigation.