Ukraine at D+644: A hacktivist auxiliary is actively recruiting.
the cyberwire logoNov 30, 2023

NATO conducts its annual cyber exercise against a background of hybrid war, heightened cyber espionage, and increased activity on the part of hacktivist auxiliaries.

Ukraine at D+644: A hacktivist auxiliary is actively recruiting.

Poorly organized and exercised command in what has come to be called the "Dnepr Group of Forces," the Institute for the Study of War concludes, "continues to degrade Russian morale and combat capabilities." An example of such degradation is combat refusals in the 810th Naval Infantry Brigade, whose soldiers have refused "to conduct assaults on Ukrainian positions due to a lack of artillery coordination, tactical intelligence transmission, and proper communication about the location of Russian minefields." The minefields have proven particularly problematic: the 810th Brigade has suffered about fifty casualties in friendly minefields over the past month. The problems the Dnepr Group of Forces faces seem to have become particularly acute on the east bank of its namesake river.

One casualty of poorly marked Russian minefields may have been an officer of high rank. The New York Post reports that Major General Vladimir Zavadsky, deputy commander of the 14th Army Corps, was killed Tuesday in a Russian minefield laid by another unit.

According to the Telegraph, Black Sea storms have washed away protective barriers Russia emplaced around the Kerch Strait Bridge to protect it from attacks by uncrewed surface vehicles.

CERT-EU warns member states of Russian cyber threat.

CERT-EU has warned the European Union that at least seven of the EU's governments are being actively targeted by Russia's GRU, POLITICO reports. The specific threat actor is APT28 (also familiarly known as Fancy Bear). The current campaigns proceed mostly by phishing, with the phishbait being "diverse decoy documents...including the meeting minutes of a subcommittee of the European Parliament and a report from a United Nations Special Committee." The long-term goal of the efforts, POLITICO speculates, is intelligence concerning next year's EU elections, and possibly influence over those elections.

NATO cyber exercise runs against the background of Russia's hybrid war.

NATO is conducting its annual cyber exercise, with some thirteen-hundred participants working both on-site in Tallinn and remotely. In addition to NATO members, close partners including Ukraine, the Republic of Korea, and Japan are also participating. As major command-post exercises often do, this year's cyber exercise involves lawyers who are advising participants on the boundaries international law imposes on cyber responses. In addition to governments, industry is also represented. The Wall Street Journal's coverage of the exercise names Airbus, Leonardo, and Indra--all European defense companies--among the private sector participants.

NoName057(16)'s DDoSia project is looking for volunteers.

The Russian hacktivist auxiliary NoName057(16) is recruiting volunteers. “Join our volunteer DDoSia Project to fight in the cyber war unleashed by the West against our Motherland,” a representative post in the group's Telegram channel reads. Volunteers will be paid (in cryptocurrency, naturally) and will have "ranks and merit awards depending on their time of service and achievements," the Australian Cyber Security Magazine reports, just like a real army. Where the pay will come from isn't clear, but a best guess would be that funds would be obtained from criminal proceeds. DDoSia, as its name implies, is a distributed denial-of-service attack project. The promise of ranks and recognition of merit suggest that NoName057(16) is pitching military wannabes (and other cases of arrested development).