Ukraine at D+4: Sanctions and friction.
N2K logoFeb 28, 2022

Russia's invasion of Ukraine seems to be proving more difficult than Moscow would have hoped, and the weekend saw heavier international sanctions levied against Russia. The Kremlin's response to sanctions and "unfriendliness" has been to raise the alert level of nuclear forces. Both sides in the war continue to sustain cyberattacks.

Ukraine at D+4: Sanctions and friction.

The United Nations plans to hold a (very rare) emergency session of the General Assembly this afternoon at 3:00, New York time, to address Russian aggression against Ukraine. UN Resolution 377A(V) sets out the circumstances under which an emergency session may be convened:

"[I]f the Security Council, because of lack of unanimity of the permanent members, fails to exercise its primary responsibility for the maintenance of international peace and security in any case where there appears to be a threat to the peace, breach of the peace, or act of aggression, the General Assembly shall consider the matter immediately with a view to making appropriate recommendations to Members for collective measures, including in the case of a breach of the peace or act of aggression the use of armed force when necessary, to maintain or restore international peace and security. If not in session at the time, the General Assembly may meet in emergency special session within twenty-four hours of the request therefor. Such emergency special session shall be called if requested by the Security Council on the vote of any seven members, or by a majority of the Members of the United Nations".

Thus the General Assembly as a whole, where no veto by a permanent member of the Security Council is possible, will consider recommending collective measures in the case of Russia's invasion of Ukraine.

Ukrainian resistance may have stalled the Russian advance at key points.

Russian forces have failed to reach their initial objectives, stalling in the north and east while advancing with somewhat more, although still limited success, from Crimea in the south. Neither Kyiv nor Kharkiv, the two large cities under greatest pressure, had yet fallen. Kyiv Mayor Klitschko described the city as suffering and hard-pressed, but as holding on, and, significantly, neither surrounded nor occupied. Military Times reports a "quieter night" in the capital.

Russian forces are reported to have failed to take Kharkiv, Ukraine's second-largest city, with a population of nearly a million and a half. The city is only forty kilometers from the Russian border and was expected to fall quickly. It's also a largely Russophone city, and one that might have been expected to offer a tepid resistance, if not an outright welcome, to Russian forces. Instead resistance has been strong and violent, not at all the march of flowers some had expected. Failure to take Kharkiv represents an early and surprising failure for the invading forces of Russia's Western Military District.

There are also numerous reports that Russia has failed to achieve air supremacy, and has also failed to suppress Ukrainian air defenses. British Defence Intelligence has published a simple operational-level map of where the Russian advance stood as of yesterday. Breaking Defense has heard from US Defense officials that the Russian advance does indeed appear to have bogged down in the face of Ukrainian resistance: “The Russians have lost a little bit of their momentum. They are not advancing far or as fast as we believe they expected.” But the war, of course, remains in its early phases, with more Russian troops available to be committed to the fight. Death tolls rise on both sides, the Washington Post reports, with those lost, including civilians, believed to measure in the hundreds.

It's difficult to know exactly what's happening on the ground, but there are widespread reports of Russian logistical failures. The Telegraph summarizes these in a headline: "No fuel and lost behind enemy lines." ("Out of fuel" is easy to imagine, since logistics can be wayward, and since heavy forces are prodigious consumers of diesel. "Lost" is more curious. Is there no GLONASS, that is, Russia's version of GPS? Why would well-equipped units in a modern army be lost? What about all the smartphones Russian soldiers have been seen carrying, and have used to TikTok their staging and advance? No geolocation on any of those, either? GPS World reported on February 17th that Russian doctrine assumed that satellite-based precision navigation and location services would be unavailable during a war against Ukraine, and that they intended to rely instead on terrestrial LORAN-C, by which they may have meant the Russian CHAYKA equivalent, since LORAN-C is an obsolescent US system, now largely retired. Ukraine, in its early calls for international assistance, asked for help specifically in jamming GLONASS signals, but whether that's actually been done is unknown. If Russian forces are indeed relying on a LORAN alternative, they may be finding that its unfamiliarity and inherent limitations are rendering it more difficult to use than they had expected.)

Ukrainian Foreign Minister Dmytro Kuleba has called for foreign volunteers to come to fight for Ukraine. "Foreigners willing to defend Ukraine and world order as part of the International Legion of Territorial Defense of Ukraine, I invite you to contact foreign diplomatic missions of Ukraine in your respective countries. Together we defeated Hitler, and we will defeat Putin, too," he tweeted. British Foreign Secretary Liz Truss said she, for one, wouldn't stand in the way of anyone who sought to join up. Military Times offers a how-to guide for aspiring volunteers.

Diplomacy, now short of surrender?

Russian Foreign Minister Lavrov last week offered to negotiate with Ukraine, but, the New York Times reported, only after Ukraine ceased all resistance to Russia's "special military operation." That hasn't happened, and Ukrainian resistance has if anything stiffened. Apparently unconditional surrender is no longer the price of negotiation, as Moscow has agreed to meet today with Ukrainian representatives to seek a resolution to Russia's war of choice. Representatives of the two sides have now agreed to meet at a checkpoint close to the Belarusian border, according to POLITICO and many other sources. President Zelenskyy has not expressed high hopes for the meeting (“I do not really believe in the outcome of this meeting, but let them try, so that later not a single citizen of Ukraine has any doubt that I, as president, tried to stop the war,” the Guardian quotes him as saying). Bloomberg describes the Russian delegates to today's talks as a "relatively low-level" contingent, composed of deputy defense and foreign ministers, but the fact that Russian officials seem willing to negotiate at all without insisting on their earlier preconditions suggests an erosion of confidence in the military situation.

SWIFT kicked.

A number of Russian banks will be expelled from SWIFT (the Society for Worldwide Interbank Financial Telecommunication), the European Commission President Ursula von der Leyen announced late Saturday. "In coordination with [the US, France, Germany, Italy, Canada, and the United Kingdom] I will now propose new measures to EU leaders to strengthen our response to Russia’s invasion of Ukraine and cripple Putin’s ability to finance his war machine," EU Commission President Ursula von der Leyen said. The new sanctions are in keeping with the graduated incrementalism that's marked the Western response to the Russian invasion, but curtailing access to SWIFT is regarded by most observers as a serious blow to the Russian economy. The measures are targeted: they don't affect all banks, but rather a set of financial institutions that are closely associated with Russia's ability to make war.

Sanctions have been imposed by nations outside Europe, North America, and Australia. Japan had enrolled as a participant in the measures announced earlier. Both Singapore and the Republic of Korea over the weekend joined the growing number of governments to take punitive measures against Russia. South Korea has enacted financial restrictions, stepped up aid to Ukraine, and announced that it would release petroleum reserves to help stabilize supplies threatened by Russian withdrawal (and exclusion) from international markets. Singapore has announced the imposition of sanctions against Russian financial institutions.

General export controls are expected to have a strongly negative effect on the Russian tech sector. On an individual level, the AP reports, Russia is seeing a run on banks and ATMs as people try to get what foreign currency they can.

Nuclear brinksmanship as an utterly disproportionate rejoinder to economic sanctions.

President Putin's spiritual ancestor, Chairman Stalin, famously dismissed nuclear weapons as something you used to scare people with weak nerves. He's counting on NATO, the Five Eyes, and the EU having weak nerves. On Sunday Mr. Putin explained his decision as a riposte to Western denunciations and sanctions. "Not only do Western countries take unfriendly measures against our country in the economic dimension - I mean the illegal sanctions that everyone knows about very well - but also the top officials of leading NATO countries allow themselves to make aggressive statements with regards to our country," Reuters reports him as saying yesterday on state television. He called the alert a "special regime of combat duty," not a military term of art, and it's unclear exactly what measures his Defense Ministry will take in response to the order. Mr. Putin's intention is nonetheless clear: to warn NATO that he holds it under nuclear risk.

NATO General Secretary Jens Stoltenberg said, "This is dangerous rhetoric and irresponsible behaviour on Putin's part." A threat to use nuclear weapons is of course unwelcome and dismaying, but it's unclear that it will have the effect Mr.Putin appears to wish. The threat is also being received by Western observers as "unhinged," in the representative estimation of former US Director of National Intelligence James Clapper, who told CNN yesterday that “I personally think he’s unhinged. I worry about his acuity and balance.” An unnamed senior official told CNN, "At every step of this conflict Putin has manufactured threats to justify more aggressive actions -- he was never under threat from Ukraine or from NATO, which is a defensive alliance that will not fight in Ukraine."

Belarus has also indulged itself in some nuclear threats. The post-Soviet Russian client state had forsaken its share of the old Soviet arsenal (as had Ukraine and other newly independent republics of the Near Abroad) but it's now voted to amend its constitution to permit it to abandon its commitment to denuclearization. The gesture is unlikely to have any near-term consequences, but it does show how closely President Lukashenka is following Moscow's line.

The US has pointedly declined to respond with a corresponding alert of its own nuclear forces. That's less significant than many media outlets suggest: US strategic forces could rapidly be brought to a high level of alert should that become necessary, and the US no longer has the sorts of tactical, battlefield nuclear weapons comparable to those being brandished by Mr. Putin. Such weapons would require more lead time to prepare and deploy, but the US unilaterally retired its Army's nuclear arsenal in 1992 and hasn't replaced it since. All remaining US nuclear forces are operated by the Air Force (bombers and intercontinental ballistic missiles) and the Navy (submarine-launched ballistic missiles).

Cyber operations against Ukraine.

RiskIQ confirms that it's seeing Ghostwriter activity against Ukrainian troops. Ghostwriter has been associated with the Belarusian government, and with the group being tracked, by Recorded Future and others, as UNC1151. Recorded Future thinks it likely that Russian elements, particularly the GRU, have used Belarusian infrastructure and cooperated with Belarusian intelligence services to run operations against Ukraine.

The BBC reports that other hackers have rallied to the Russian colors and volunteered to hit Ukrainian online assets. The ones talking to the BBC claim to be cutting quite a swathe, but it's unclear how effective they may actually have been.

Over the weekend the US Cybersecurity and Infrastructure Security Agency (CISA) released, with its FBI partners, an updated advisory on the wiper malware used against Ukraine last week. The advisory is principally forward-looking, intended to suggest defensive measures that US and allied organizations might take to protect themselves should the attacks expand beyond Ukraine, but it also contains significant information about last week's attacks.

Cyber operations against Russia.

Hacker News reports that Russia's National Computer Incident Response and Coordination Center has warned its domestic clientele that cyberattacks against Russian critical infrastructure are to be expected. The hacktivist group Anonymous seems to be siding with Ukraine (although as always it's difficult to know who speaks for an anarcho-syndicalist collective), according to ZDNet. As always, statements by hacktivists should be received with cautious skepticism. Anonymous, however, has claimed responsibility for an attack against Russian media outlet RT, and RT was indeed knocked offline by a cyberattack, the Daily Beast reports.

Ukraine's government hasn't been reluctant to call for hacktivist volunteers as it's called for volunteer fighters. BleepingComputer reports that Kyiv is calling for "an IT army" to take on Russian targets, and that it's also released a target list: "Russian government agencies, government IP addresses, government storage devices and mail servers, three banks, large corporations supporting critical infrastructure, and even the popular Russian search engine and email portal, Yandex." Mykhailo Fedorov, Vice Prime Minister of Ukraine and Minister of Digital Transformation of Ukraine, tweeted out the call: "We are creating an IT army. We need digital talents. All operational tasks will be given here. There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists."

Caveat emptor for those considering freelancing, however much one might wish Ukraine well: cyber operations can be difficult to control and are "inherently escalatory," Dragos's Robert M. Lee reminds us. One hopes Mr. Fedorov's gestures toward control are both sincere and effective.

Hybrid war and the broader threat of Russian cyber operations.

As international sanctions tighten against Moscow, and in particular as its banking sector is incrementally blocked from access to the SWIFT system, Venture Beat reports that organizations around the world are bracing for Russian retaliation in cyberspace. President Putin's calculus may have led him to believe that restraint will gain him little. "Putin/Russia getting completely isolated economically & diplomatically. The West is completely united. Even China is getting scared of secondary sanctions," Silverado Policy Accelerator chairman and CrowdStrike co-founder Dmitri Alperovitch tweeted. “The danger: Putin has very little to lose now. He is cornered. May go all out on economic and cyber retaliation,” 

In the US, CISA continues its Shields Up alerts. Similar measures are being taken in Australia, Canada, Ireland, and New Zealand. In the UK, steps are being taken to secure the power grid against possible Russian disruption Sky News reports. Palo Alto Networks is offering advice from the private sector on securing an organization against the Russian threat.

Return of the privateers, now in the guise of patriotic hacktivists.

Conti, the familiar ransomware gang, says it will strike those who oppose Russia. According to Reuters, Conti blogged, "If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy." Thus any serious suppression of cyber criminal gangs by Russian security authorities has proven to be, as was foreseeable, largely illusory, at best temporary and tactical.

(Even Conti may be getting cold feet. ZDNet notes that the group softened its position. While it deplores the American aggression it sees as the root cause of the war, Conti clarified, "We do not ally with any government and we condemn the ongoing war. However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression." So, for what it's worth, there. Conti's blog was unavailable this morning.

On the other side, Computing reports that a Ukrainian security researcher (or "hacker," if you prefer) has doxed Conti, releasing details of its internal chatter and some of the gang's sensitive data. (That researcher may in fact be a Ukrainian member of Conti.)

Disinformation and misinformation.

Russia continues to push its familiar lines of disinformation: Ukraine is historically illegitimate; it's run by a junta of drug addicts and neo-Nazis; it's guilty of anti-Russian genocide; it's a NATO puppet; and Russia's special military action is a defensive response to a Ukrainian threat. These themes have found little traction abroad, as POLITICO writes, social media companies have had difficulty addressing the deliberate dissemination of falsehoods.

The Russian government has also increased online censorship, the New York Times reports

There has also been dis- and misinformation put to work in the Ukrainian interest. On both sides of the conflict, reports over social media should be received with skepticism.

We've found the live updates from these media outlets and government sources particularly useful and convenient: the Associated Press, the Washington Post, the New York Times, Bloomberg, the Telegraph, the Guardian, Newsweek, Nikkei Asia, Reuters Fact Check, the Atlantic Council, Recorded Future, and the UK Ministry of Defence.

Criminals exploit Ukraine's suffering in social engineering campaigns.

Avast warns that criminals have begun, in their sorry but entirely foreseeable custom, have been exploiting people's sympathies for those suffering in Ukraine. "As cybercriminals seek to take advantage of the chaos," the company writes in its blog, "we have tracked in the last 48 hours a number of scammers who are tricking people out of money by pretending they are Ukrainians in desperate need of financial help. In the past, we have seen similar scams for people stuck while traveling or looking for love. Unfortunately, these attackers do not operate ethically and will use any opportunity to get money out of people willing to help others in need. What’s suspicious is the immediate mention of Bitcoin, as well as the usernames that consist only of letters and numbers." If you're moved to help, Avast advises doing so through well-known, credible, trusted organizations, and doing so through those organization's official websites, not through links shared in social media.

The war's economic implications.

US tech companies are themselves facing pressure from Russian authorities to knuckle under to Moscow's controls over information, and to permit continued Russian monetization of their services. If worse came to worst, some might have to exit the Russian market. That would be unwelcome, but probably not fatal. Russia's economy is about comparable to that of Texas. You'd like to be able to do business in Texas, but if you had to bite the bullet and leave the Lone Star State, you'd still have the other forty-nine left to work with. It's not like having to stop doing business with, say, India. That would hurt. Russia simply doesn't dispose of the economic clout that would enable such sanctions to bite, that is, to bite hard. Its principal economic weapon is fossil fuel, and Europe would find being shut out from Russian oil and (especially) natural gas hard to bear, but the EU seems prepared to make sacrifices.

Many Western companies are divesting themselves of their Russian investments, Seeking Alpha reports. Of particular interest is BP's recently declared intent to sell off the 20% stake it owns in Rosneft, Russia's major oil company. Russia's central bank, Quartz writes, is preparing for hyperinflation. The Wall Street Journal says that the ruble has fallen some 20% against the dollar since Friday, and that the Russian central bank has doubled interest rates in a move intended to protect the banking system.