Ukraine at D+642: OSINT on morale, and a coming hacktivist shakeup.
Nov 28, 2023

Storms impede ground operations. Smartphones as intelligence sources (and as a security problem). Notes on hacktivist auxiliaries, both Russian and Ukrainian.

Severe storms off the Black Sea are interfering with both Russian and Ukrainian attacks, reducing visibility and trafficability, the Institute for the Study of War (ISW) reports, but both sides continue to maintain local pressure on their adversary. The bad weather is increasing the tendency to rely on dismounted infantry in the attack. It's also driven the Russian Black Sea Fleet back into port, and disrupted commercial shipping in the sea.

Russian forces purchase small gains around Avdiivka at a high cost in casualties. The UK's Ministry of Defence this morning wrote: "In recent days, Russian forces have made further small advances on the northern axis of a pincer movement as part of their attempt to surround the Donbas town of Avdiivka. Since the start of October 2023, Russian forces have moved the front line forwards up to 2km in this area. Although modest, this advance likely represents one of the greatest Russian gains since spring 2023. It has cost the units involved thousands of casualties. This operation is gradually bringing Russian troops closer to the Avdiivka Coke and Chemical plant, where Ukrainian forces maintain one of their main defensive positions." Avdiivka has become to Ukraine what Verdun was to France in the First World War. "Although Avdiivka has become a salient or bulge in the Ukrainian front line, Ukraine remains in control of a corridor of territory approximately 7km wide, through which it continues to supply the town."

Who benefits from a protracted war?

The ISW also reports that not just Russian milbloggers, but Foreign Minister Lavrov, don't see time gained from a frozen conflict as working to Russia's advantage. Milbloggers' chatter coincides with Mr. Lavrov's remarks, on the eve of his attendance at the upcoming meetings of the Organization for Security and Cooperation in Europe (OSCE), to the effect that the West is playing for time with which it can better arm Ukraine. The expressed view that a frozen conflict would be in the Western interest is almost surely disingenuous: Russia has used such pauses before to regroup and resume a general offensive. In any case Russia's war, in Mr. Lavrov's view, is the fault of the West, which fomented the war to victimize, isolate, and weaken Russia.

The milbloggers share Mr. Lavrov's hard-war views, but they differ from him in that they see Russian war aims as poorly articulated and fecklessly pursued. Talk of negotiations, for example, is troubling to the milbloggers, who fear such discussions will result in concessions, ceding back to Ukraine, for example, territories Russia has "annexed" but couldn't hold. The milbloggers show few signs of retreating from their customary maximalist positions.

Russian news outlet outs Killmilk.

The Moscow-based news outlet Gazeta has identified a man it claims is Killmilk. That nom-de-hack belongs, Gazeta says, to one Nikolai Serafimov, a man who's not exactly been media-shy, but who's also taken care to cloak his identity in cliché fashion, appearing with his face obscured by a balaclava like someone who drew his personal style from a clip-art representation of a hacker. His reputation is one of a marketing-savvy but technically weak self-promoter, and his sometime colleagues have apparently grown tired of his schtick. They accuse him of being a thief, running not only a DDoS-for-hire service but also engaging in various charity scams. His actions, his erstwhile collaborators say, discredit the Russian cause. They've been reluctant to break with him for fear of retaliation by Killmilk, who seems to have the goods on them, or at least their identities. The outing suggests that Killmilk's star is in decline.

The status of Ukraine's IT Army.

An essay published by the Center for European Policy Analysis (CEPA) discusses the operations of the IT Army of Ukraine, pointing out that organizations of that kind can have an ambiguous legal status. There seems little mystery about the IT Army: it's an auxiliary, differing in mission but not in status from such US military auxiliaries as the Civil Air Patrol (CAP) and the Military Auxiliary Radio System (MARS). The IT Army seems to operate under effective authority, and it says it's a non-combatant (read, non-kinetic) service that observes the laws and usages of war. Both claims seem, on the available evidence, justified. CEPA characterizes the IT Army's most typical operation as distributed denial-of-service. CEPA also suggests that the IT Army offers a template for other nations too small or resource-poor to maintain a fully fledged military cyber command.

Former deputy head of SSSCIP arrested.

Victor Zhora, who until his dismissal last week was the deputy head of Ukraine’s State Special Communications Service, the SSSCIP, was arrested today on charges related to alleged corruption in contracting dating back to 2021. He'll be released pending trial should he make his UAH 10,000,584 (roughly $275,970) bail. His former chief, Yurii Shchyhol, was arrested last week and is now out on bond, the Record reports. Both men are expected to stand trial within the coming months. Mr. Zhora had become well-known internationally due to his prominent participation in security conferences.

Intercepted soldiers' phone calls reveal Russian morale problems: “You just die like a f------ earthworm.”

The AP has obtained intercepts of phone calls home from Russian soldiers at the front. “You just die like a f------ earthworm,” one representative call said. The calls generally depict an army now largely composed of hastily mobilized, partially trained, and indifferently equipped conscripts swept up in Russia's partial mobilization. They report poor command practices, high casualties, misbehavior toward civilians, combat refusals, and leadership by fear.

Apart from what the phone calls reveal about the state of the Russian army, there's a broader lesson here: the smartphone now presents armies everywhere with an as yet unsolved operations security problem.

There's also a lesson about the importance and ready availability of open source intelligence, enabled by (again) smartphones and commercial satellite imagery. In introducing its intercepts the AP calls the recordings "secret" but says it's independently verified them.