Ukraine at D+427:  Russian cyberattacks and disinformation before Ukraine's spring offensive.
N2K logoApr 27, 2023

As Ukraine completes preparations for its spring offensive, Russia seeks to redress the balance of forces with disinformation and ransomware attacks on logistical chains.

Ukraine at D+427: Russian cyberattacks and disinformation before Ukraine's spring offensive.

Russian forces continue to shell civilian targets, with two killed and sixteen injured last night in Kharkiv alone. Seven other territories were also shelled, Al Jazeera reports. The war continues to be in large measure an artillery war, and Business Insider describes how Ukrainian counterfire is taking a toll of Russian guns.

Russian forces are preparing defensive fighting positions at the Zaporizhzhia reactor buildings, the UK's Ministry of Defence reported this morning. "Imagery shows that by March 2023, Russian forces had established sandbag fighting positions on the roofs of several of the six reactor buildings at Zaporizhzhia Nuclear Power Plant (ZNPP). Russia has controlled ZNPP since March 2022. However, this is the first indication of the actual reactor buildings being integrated in tactical defence planning. Russia has likely constructed these positions because it is increasingly concerned about the prospects of a major Ukrainian offensive. The move highly likely increases the chances of damage to ZNPP safety systems if fighting takes place around ZNPP. However, direct catastrophic damage to the reactors is unlikely under most plausible scenarios involving infantry weapons because the structures are very heavily reinforced."

KillNet tells Russians to beware of NATO disinformation.

This morning KillNet released a statement warning Russian citizens to be aware of disinformation campaigns from Ukraine and "The West." Specifically, the hacktivist auxiliary explains that “The Ukrainians and NATO will use the talks between China and Zelenskyy as a catalyst for information attacks and influence towards the citizens of Russia and its military.” In particular it wants to trim expectations about Ukraine's coming spring offensive, which KillNet predicts will be either a failure or at best a minor local success, if it's not a bluff entirely.

Stars & Stripes reports that the US European Command, while cautioning that Russia retains significant combat capability, is confident that Ukraine has the tools it needs for its spring offensive to succeed.

The European Commission looks askance at Twitter and sees Russian disinformation.

There are serious concerns being raised about Twitter's revisions to its verification policies. As one of the "very large online platforms (VLOPs)" defined by the EU's Digital Services Act (DSA), Twitter is expected, as TechCrunch explains, "to take steps to mitigate systemic risks like disinformation, while breaches of the regime can attract penalties of up to 6% of global annual turnover." The platform's recent changes have prompted a negative response from EU regulators. In tweets that accompanied reposting of an AP story about the ways in which Twitter had become more easily exploitable by Russian and Chinese disinformation operators, the European Commission's Vice President for Values and Transparency, Věra Jourová, wrote, "This is yet another negative sign from #Twitter on not making digital information space any safer and free from the Kremlin #disinformation & malicious influence. To me this is a signal that #Twitter is falling short of its commitments to the anti-disinformation Code.This is a paramount test to show they are serious about respecting the Code and ultimately compliance with the #DigitalServicesAct."

Russian ransomware operations aim at disrupting supply chains into Ukraine.

The US Intelligence Community sees Russian cyber operators devoting more effort toward disruption of supply chains supporting Ukraine. CyberScoop quotes NSA's Rob Joyce, the agency's director of cybersecurity, as saying that NSA is observing “a significant amount of intelligence gathering into the Western countries, to include the U.S., in that logistics supply chain.” A significant fraction of that supply chain carries humanitarian aid.

And KillNet declares itself a Russian “Private Military Hacker Company.” 

Looking, apparently, for a bigger payday, yesterday the Russian cyber auxiliary KillNet announced that they would become Russia’s “Private Military Hacker Company (PMHC).” What this means for their operational tempo is unclear, but they promised they would continue distributed denial-of-service (DDoS) attacks against NATO sites as they pursue their current objective of “destroying NATO infrastructure.” The group says it will now also accept jobs from private individuals and from governments. They will still work to defend Russian interests. They explained in their post that they will no longer be making money from donations and promised sponsorships (and they included an emoji that indicated the sponsorships fell short of expectations). 

Earlier this month KillMilk, the group’s nominal leader, explained that he was tired of waiting for government personnel and businessmen to fund his group’s cyber escapades. Shortly after their announcement they changed their channel name to ЧВХК KillNet (PMHC KillNet). This could be just a publicity stunt, as the ramifications of a cybercriminal group sanctioned by Moscow attacking NATO websites are unknown but probably severe. KillNet has yet to release any information on pending contracts (either governmental or private) to conduct cyber warfare. 

Prosecutors ask that accused Discord Papers leaker remain in custody.

According to the AP, US Federal prosecutors have asked that Jack Teixeira, charged with violations of the Espionage Act, be held in custody and not, as Airman Teixeira's defense is expected to request, be released to his parents. “There simply is no condition or combination of conditions that can ensure the Defendant will not further disclose additional information still in his knowledge or possession,” prosecutors wrote in their petition. “The damage the Defendant has already caused to the U.S. national security is immense. The damage the Defendant is still capable of causing is extraordinary.”

The Air Force has suspended two leaders in Airman Teixeira's former organization, CNN reports. “The commander of the 102nd Intelligence Wing at Otis Air National Guard Base, Massachusetts, has suspended the commander of the 102nd Intelligence Support Squadron pending further investigation into the unauthorized disclosure of classified information,” an Air Force representative told CNN. “Additionally, the detachment commander overseeing administrative support for Airmen at the unit mobilized for duty under Title 10 USC has also been suspended,”

The AP reports that investigators are still working to determine whether Airman Teixeira retained any other classified information that has so far remained unreleased. Investigators and prosecutors have also not discussed Airman Teixeira's possible motives for the alleged leaks, but the consensus among Discord users who had been in touch with him is that he was simply showing off, without any serious political purpose.