Ukraine at D+589: Trends in the cyber phase of a hybrid war.

The Russian strike against the farming village of Hroza (sometimes transliterated "Groza") near Kupiansk killed fifty-one and wounded seven more, the Telegraph reports. The village is about twenty miles from the front, and the strike is believed to have been carried out with a hypersonic Iskander missile. The dead and wounded had gathered for a memorial repast in the village (population about three hundred fifty). The wake was for a resident who had died; it had nothing to do with the war. The cafe in which they met appears to have been deliberately targeted.

There's no evidence of any military targets in Hroza, and certainly nothing that would have justified the expenditure of an Iskander. Ukrainian officials denounced the strike as a simple act of terrorism. Even so the targeting is strange. Why would a small village have attracted that kind of attention when there are plenty of other civilian targets within range of Russian systems? The strike attracted widespread condemnation abroad.

The UK's Ministry of Defence (MoD) this morning reports extensive Russian preparation of fallback positions in front of the Ukrainian advance towar the Sea of Azov. "On 03 October 2023, Ukrainian Melitopol Mayor, Ivan Federov, said that Russian forces were building additional fortifications on the contested Orikhiv axis. In Novopokrovka, complex underground two-storey bunkers are being built with tunnels and trenches. In Tokmak, additional defensive fortifications were being built and trenches filled with concrete. Russian officers have also started to evacuate their families from Tokmak. Fortifications were observed on the southern approach from Robotyne, the axis of Ukrainian forces."

The MoD sees the preparations as evidence of concern about Ukrainian drone and artillery strikes against field headquarters. "The bunkers will add additional protection for Russian soldiers and command and control elements from heavy Ukrainian artillery and Uncrewed Aerial Vehicle attacks. The concrete likely reinforces the trench systems in advance of the potentially wet and muddy conditions in the coming weeks. These fortifications and evacuations likely reflect Russia's concern of a further Ukrainian breakthrough."

Russian naval units in the Black Sea will make Novorossiysk, a Russian port, their principal base after the evacuation of occupied Sevastopol. The Georgian port of Ochamchire, in the illegally separated province of Abkhazia, is too small to serve as the main base of the Black Sea Fleet, and is likely to be used only as a secondary facility.

President Putin at the Valdai Discussion Club.

Yesterday, in an appearance at the Valdai Discussion Club, President Putin reinforced some familiar points of Russian disinformation. The Institute for the Study of War (ISW) reports that he argued that the war in Ukraine was not a "territorial conflict" but rather represented an effort to establish the basis for a new, multipolar world order that would replace the United Nations and existing international law. The West, he said, started the war in 2014, and NATO expansion eastward represented a threat to Russia.

He also addressed Russian nuclear capabilities and doctrine, claiming successful tests of a nuclear-powered cruise missile (foreign experts are skeptical) and saying, as quoted by the AP, “There is no situation in which anything would threaten Russian statehood and the existence of the Russian state. I think that no person of sober mind and clear memory could have an idea to use nuclear weapons against Russia.”

President Putin also offered an implausible explanation of the explosion that took down Wagner Group boss Yevgenyi Prigozhin's plane. It was due, he said, to incautious handling of hand grenades by the passengers, who were drunk and using cocaine during the flight. The bodies, he said, hadn't been subjected to toxicological tests, but the FSB found cocaine in a raid on Mr. Prigozhin's home. The investigation into the crash, President Putin said, ruled out external causes of the crash. So it wasn't a Russian air defense missile and it wasn't a NATO bomb. It was, President Putin says, coked-up drunks playing with grenades. The ISW finds this story "bizarre."

Cyber aid to Ukraine from Estonia.

The director of the Estonian Information Systems Authority's Incident Response Department, Tõnu Tammer, described his country's offer of cyber assistance to Ukraine. It began in the opening days of the war, and included dual use tools that could be used for either defense or offense, Defense One reports. Tammer sees the Russian government making increased use of criminals in its cyber operations, and he does not expect Russian cyberattacks to abate even if it's defeated on the ground in Ukraine. If anything, frustration and revanchism will drive them to increase. "How do you express the frustration, if you are no longer able to express this using tanks?” Tammer said. “Cyber in that sense, continues to be a convenient tool.”

Cyber cooperation between Russia and North Korea.

Cyfirma looks at the recent closeness between Moscow and Pyongyang and sees the potential for cooperation in offensive cyber operations. Such cooperation is easy and requires little coordination--Russia and North Korea share a common set of animosities, and both are already engaged against countries that are broadly hostile to the two regimes. The new friendship between the two countries hasn't, however, so far inhibited North Korean attempts to collect against Russian targets. The Russia-North Korea connection is a principal conjunction in what an essay in Foreign Affairs calls "the axis of the sanctioned."

It's not all blue sky in that axis, however. Microsoft reports that "Despite the recent meeting between Putin and Kim Jong-Un, North Korea is targeting Russia, especially for nuclear energy, defense, and government policy intelligence collection."

Hacktivist auxiliaries hit Australia.

Australia's Department of Home Affairs was subjected to roughly five hours of distributed denial-of-service (DDoS) attack last night conducted what most news reports characterize as a "pro-Russian hacker group." Cyberdaily.au attributes the action to Noname057(16). The hacktivist auxiliary explained its purpose as retaliation for Australia's decision to send Slinger anti-drone technology to Ukraine. A post in Noname's Telegram channel said, “A state from the distant mainland of Australia decided to keep up with the global Russophobic trend and announced the transfer of the Slinger ‘drone killer system’ to Kyiv. It’s a shame (not really) that Australia doesn’t have systems in place to track our DDoS attacks! We remind the Australian authorities that it is necessary to solve the problems of their citizens first, and sucking up to Ukrainian neo-Nazis will only lead to an increase in the number of cyber attacks." The affected sites have now returned to normal operation.

The direction of Russian cyber operations.

Microsoft has published an overview of the ways in which espionage is shaping the current state of cyber threats, concentrating on the activities of China, Russia, North Korea, and Iran. Of Russia, the report says, "Russian intelligence agencies have refocused their cyberattacks on espionage activity in support of their war against Ukraine, while continuing destructive cyberattacks in Ukraine and broader espionage efforts." Insofar as classical espionage is concerned, the Russian services are most interested in the UK, the US, and Poland, looking for insight into the direction of policy with respect to the war against Ukraine, and, tellingly, the progress of war crimes investigations.

Influence operations seem increasingly coordinated with operations on the ground, and Russia is devoting a great deal of attention to the Ukrainian diaspora, seeking "to intimidate global Ukrainian communities and sow mistrust between war refugees and host communities in a range of countries, especially Poland and the Baltic states."

Hacktivists and hacktivist auxiliaries scorn the application of international humanitarian law.

An essay published by two officials of the International Committee of the Red Cross in which they outline the extension of international humanitarian law (and the laws of war) to cyberspace has been rejected contemptuously by hacktivists on both sides of Russia's war against Ukraine, according to the Record. Their reasoning, whatever their commitment, is essentially the same: they apply the realist maxim inter armes silent leges, that is, there are no legal restrictions on war. The rejection was especially sharp from Ukrainian hacktivist groups and Belarusian dissidents. (And there's also some inconsistency there--the rejection of rules of war accompanies denunciation of the Russian Red Cross for its alleged complicity in war crimes.) For an account of the proposed extension of international humanitarian war to hacktivism, see CyberWire Pro.