Ukraine at D+508: Preparatory attrition in the counteroffensive.
N2K logoJul 17, 2023

Ukraine wages a war of attrition, the Kerch Strait Bridge is dropped again, and Russia seems to be purging its general officers. The FSB's Gamaredon is showing renewed activity.

Ukraine at D+508: Preparatory attrition in the counteroffensive.

Fighting continues along the line of contact. In some zones Ukraine is attacking; in other sectors it's on the tactical defensive. The AP characterizes the Ukrainian strategy as one of seeking to "stretch" Russian forces--which amounts in large part to a strategy of attrition--as opposed to seeking rapid reconquest of occupied territory.

Russia complains that a predawn Ukrainian attack against the Kerch Strait Bridge, which connects occupied Crimea to Russia proper, forced the bridge's closure. Russian sources claim to have begun to restore rail traffic; road traffic will take a bit longer. Ukraine offered no comment on the report. Russian officials claimed that the attack, which apparently dropped one of the bridge's spans, was carried out by "sea drones," that is, uncrewed surface vehicles. Two people crossing the bridge in a car were reported killed.

Russian missile strikes against civilian targets continued, with an attack against Kharkiv Sunday evening.

Moscow has resumed interdiction of Ukrainian grain exports through the Black Sea, saying it will return to the Black Sea Grain Initiative only when its own demands for its own agricultural sector are fully met.

The US decision to supply improved conventional munitions (ICM, commonly "cluster weapons") to Ukraine elicited comment from President Putin. He said that Russia had plenty of cluster munitions and wouldn't hesitate to use them if Ukraine fired the ICM the US was sending, thus framing Russia's use of cluster weapons as a reprisal. Such weapons are controversial because of their relatively high dud rate, and because of the sensitivity of the dud submunitions they leave behind. But Russia hasn't been shy about using them in Ukraine. The United Nations reported, a little more than a month after Russia invaded in February 2022, that Russian forces had already used cluster weapons at least twenty-four times. Thus President Putin's implied claim of humanitarian restraint reluctantly abandoned in the face of Anglo-Saxon aggression is patently bogus.

In Monday morning's situation report, the UK's Ministry of Defence outlines the central dispute between the now-relieved commander of the 58th Combined Arms Army and the Ministry of Defense: it was the Ministry's failure to provide the forces with adequate means of locating and engaging Ukrainian artillery. "After being sacked as commander of Russia’s 58th Combined Arms Army (58 CAA) in Ukraine, General-Major Ivan Popov claimed that one of his key complaints had been about the lack of counter battery provision. Russian ground forces survivability relies on effectively detecting Ukrainian artillery and striking against it, often with its force’s own artillery. A key component of this approach is counter-battery radars, which allow commanders to rapidly locate enemy gun lines. Russia is suffering from a worsening shortage of counter-battery radars, especially its modern ZOOPARK-1M. Only a handful of the originally deployed ZOOPARK fleet are likely to remain operational in Ukraine. Open-source footage showed another ZOOPARK being destroyed near the 58 CAA’s area in early July 2023. The priority Popov apparently gave to this problem highlights the continued centrality of artillery in the war." Counterbattery radars track the shells fired from enemy guns in flight and backtrack to locate the guns' positions, which enables counterfire.

You can't tell the boss that...

The Institute for the Study of War summarized the current situation the Russian Ministry of Defense faces with respect to its senior field commanders. "The Russian MoD has begun to remove commanders from some of the Russian military’s most combat effective units and formations and appears to be accelerating this effort....  The reported dismissal and arrest of commanders leading combat effective units and formations appears to be associated with cases of insubordination." Russian Defense Minister Shoigu dismissed another general over the weekend. Radio Free Europe | Radio Liberty reports that Major General Vladimir Selivyorstov, commander of the 106th Airborne Division was dismissed without official explanation, but sources say he had been critical of the way the Ministry was conducting the war.

Saturday morning's situation report from the UK's MoD looks at a shift in the reasons for which Russia is now firing generals. Leaders have long been shown the door for poor performance. They're now being fired for criticizing the conduct of the war. "Russia has routinely sacked commanders since the start of the invasion of Ukraine, but the removal of the 58th Combined Arms Army’s General-Major Ivan Popov is notable, he was apparently dismissed for voicing concerns rather than for any alleged poor performance. In a leaked video intended for his troops, Popov delivered a scathing attack on the Russian MoD leadership, whom he accused of, “hitting us from the rear, viciously beheading the Army at the most difficult and intense moment”. Popov’s comments draw attention to serious disaffection many officers likely harbour towards the senior military leadership. The complaints largely echo those made by Wagner Group owner Yevgeny Prigozhin prior to his June 2023 mutiny.) Direct criticism from subordinates is likely to become an increasing problem for Defence Minister Sergei Shoigu and Chief of the General Staff General Gerasimov." They may need to consider ways in which officers can offer criticism without threatening the chain of command. (If you tell subordinates you don't want to hear it, then guess what? You won't.)

General Surovikin remains very much in the wind, whereabouts, prospects and fate unknown.

Disaffection may be showing up among the other ranks as well. Radio Free Europe | Radio Liberty reports (at second hand--direct verification is difficult) that combat refusal is being dealt with by incarceration under harsh field conditions until the reluctant troops are willing to reenter the line. Milbloggers (again, hard-line, hard-war advocates) have retailed other complaints from soldiers in the line. "Insubordination among commanders appears to be spreading to some of their soldiers," the Institute for the Study of War assessed yesterday. Russian milbloggers shared audio in which the alleged elements of the 7th VDV threatened to withdraw from their positions in the Kherson Oblast should their commanding general be relieved.

"The Wagner Group doesn't exist," and some disinfluencer posts.

President Putin's remarks last week to the effect that "the Wagner Group doesn't exist" haven't, apparently, prevented members of the Group from entering Belarus in a more-or-less organized form. Radio Free Europe | Radio Liberty reports that what seems to have been a Wagner convoy crossing into Belarus. What the mercenary troops will do there was unclear at the end of last week--there were reports that they may have been preparing to train Belarusian reserves, something President Lukashenka has expressed interest in. In any case they seem no longer destined to serve in either Ukraine or Russia proper.

On Sunday morning the UK's MoD offered an assessment of the current state of Russian official thinking about the Wagnerites. "The Russian security apparatus entered a period of confusion and negotiations after the Wagner Group's 24 June 2023 mutiny. In recent days, an interim arrangement for the future of the group has started to take shape. On 12 July 2023, the Russian MoD announced that Wagner had handed over 2000 pieces of military equipment, including tanks. As of 15 July 2023, at least a small contingent of Wagner fighters have arrived at a camp in Belarus." As this has happened various sources point to a refocus of Wagner attention on Africa. "Concurrently, some Wagner-associated social-media groups have resumed activity, with a focus on highlighting the group's activities in Africa. Based on recent announcements by Russian officials, the state is likely prepared to accept Wagner’s aspirations to maintain its extensive presence on the continent." Ukrainian sources cited by the Guardian claim that "only a few hundred" Wagner troops have reached Belarus.

CNN on Friday profiled Andrey Troshev, the Wagnerite executive and retired colonel whom President Putin proposed, in a divide-and-rule move, as a successor to Mr. Prigozhin as the Wagner Group's capo. The Telegraph reports that shortly after President Putin declared that the Wagner Group's boss had declined an offer to regularize his mercenary forces (which, the President said, in any case lacked legal standing) photos of Mr. Prigozhin wearing nothing more than some unfashionable underthings were leaked online. The intent was evidently to expose the gentleman to derision (and in truth he looks more like Uncle Fester rolling out of bed and thinking about going down to the corner to buy some smokes, which is nobody's idea of a good look, than he does a proper warlord.) The photographs of Mr. Prigozhin are indeed unflattering, especially if contrasted with shots of President Putin splashing shirtless through a Siberian stream, fishing for taimen or lenok.

There may be some counter-influence in the offing. It appears that the blackout of Mr. Prigozhin's own media properties was both temporary and exaggerated. One of those properties, the notorious troll farm doing business as the Internet Research Agency, is among those that have remained in business, earlier reports to the contrary.

CERT-UA threat actor profile: the FSB’s UAC-0010 (a.k.a. Gamaredon, Armageddon).

CERT-UA released an official threat summary of UAC-0010. UAC-0010 (more commonly “Gamaradon,” or “Armageddon”) is a Russian persistent threat actor operated by the FSB. CERT-UA attributes the success Gamaredon has enjoyed to several defectors from Ukraine’s SBU who went over to the FSB in 2014. The threat group uses email and messenger apps like Signal, WhatsApp, and Telegram as an initial attack vector, sending corrupted Microsoft Word documents with malicious macros to the victim. UAC-0010 then uses an infostealer, “GAMMASTEEL,” which steals files between thirty and fifty minutes of the initial infection. GAMMASTEEL also works to replicate itself by infecting all Microsoft documents on the infected computer to propagate the malware when those files themselves are exported. GAMMASTEEL also corrupts any USB drive plugged into the computer. 

As a form of redundancy, the malware will create anywhere eighty or one hundred twenty (or more) malicious files. Thus if the victimss clear their registry but don't delete the files, the malware can reinfect the host and continue stealing information. “The threat actors take additional measures to obfuscate their infrastructure and continue bypassing network level detection,” writes CERT-UA in its advisory. UAC-0010 changes its intermediate victim C2 IP addresses and their own control nodes between three and six times daily.

The Record notes that Gamaredon focuses primarily on espionage and information stealing. The Record quotes the senior director of BlackBerry’s cyber threat intelligence team, Dmitriy Bestuzhev, as characterizing Gamaredon as “quite successful,” and as showing a preference for using Telegram to for command-and-control of infected devices.

FSB bans Apple devices.

Russia's FSB has banned the use of Apple devices by government officials, effective today. Apple Insider traces the decision to Russian claims that Apple has been colluding with the US National Security Agency (NSA) to intercept Russian communications. Apple has denied any such cooperation with NSA.

Anonymous Sudan claims "demonstration" attack against PayPal.

Anonymous Sudan, which, its name notwithstanding, is a cat's paw for Russian intelligence services, mounted a brief distributed denial-of-service (DDoS) attack against PayPal. TechMonitor reports that the attack lasted only thirty seconds, but that Anonymous Sudan described it as a "demonstration" of the ways in which it will use PayPal to attack targets in the United Arab Emirates and the United States.