Ukraine at D+462: Skirmishing in cyberspace.
Jun 1, 2023

As Russian missile strikes continue, some unusual criticism of President Putin appears on Russian TV. Ukrainian hacktivists count coup, tankers carrying Russian oil spoof their positions, and the FSB says Apple is in bed with NSA.

Russian missile strikes continued overnight. An attack on Kyiv, probably with Iskander missiles, killed three (including a mother and her child) and wounded eleven, Radio Free Europe | Radio Liberty reports. Fighting along the line of contact has recently consisted mostly of artillery exchanges as Ukraine's long-expected offensive remains under preparation.

Ukrainian air defenses have shown themselves able to knock down the majority of missiles and drones launched against Ukraine's cities. Ukrainian sources claim a very high success rate, destroying more than 90% of the Russian systems used in attacks during May. Of the 563 missiles the Kyiv Post counted as having been launched last month, 533 are said to have been destroyed. It's an expensive campaign. The systems expended during May alone are believed to have cost Russia roughly $1.7 billion. Much of that tab, about $1.48 billion, would have paid for Kh-55 Kent air-launched cruise missile variants expended against Ukrainian cities.

Mr. Prigozhin is no longer the only critic on Russian TV.

The morning's situation report from the UK's Ministry of Defense discusses the reappearance of a Russian opposition figure on state television. "On 27 May 2023, Russian opposition politician Boris Nadezhdin appeared on Russia’s NTV channel and called for a new president to be elected in 2024, in order to rebuild normal relations with Europe. Nadezhdin has been a vocal critic of the war since the invasion, but this is highly likely the first call for Putin to be replaced on Russian state-approved TV since it began. In the last 15 months, Russia has introduced limitations on freedom of speech which haven’t been seen since Soviet times. However, there is a realistic possibility that recent vitriolic rhetoric by nationalist figures such as Wagner Group owner Yevgeny Prigozhin is emboldening opposition figures to challenge taboo topics."

A look at Cuba ransomware.

Avertium has published an extensive look at Cuba ransomware (a Russian operation with no connection to its island-nation namesake). They include in their study a timeline of the operators' activities, notes on indicators of compromise, and advice on defense and remediation. The timeline is interesting in the way it shows how a nominally criminal organization can be turned to serve the purposes of the Russian state.

Ukrainian hacktivists count coup against the Skolkovo Foundation.

Ukrainian hacktivists posting under the Linux-hacker-inspired name Sudo RM-RF chirped at Russia's Skolkovo Foundation over Telegram, claiming to have pwned the tech development agency. "We're saying 'Hello' to @skolkovolive Your infrastructure has been destroyed. We have all the documents and the project source codes. Stay tuned for that." The Record reports that Skolkovo acknowledged sustaining an attack, but said that its systems were all back up and running. The hacktivists' claims are probably overblown, as hacktivist claims normally are, but the Skolkovo Foundation has at least experienced some degree of embarrassment. Headquartered on the outskirts of Moscow, the Skolkovo Foundation was founded by the former Russian President and current Deputy Chairman of the Security Council Dmitry Medvedev. He charged it with leading the development of a Russian tech industry that would rival if not supplant Silicon Valley.

FSB says NSA breached iPhones in Russia.

Russia's FSB says, Reuters reports, that the US National Security Agency (NSA) has succeeded in compromising iPhones used in Russia. The phones belonged mostly to Russian citizens, but the FSB says that iPhones belonging to some foreign diplomats were also affected. The official moral Russia would have public opinion draw from the announcement is that NSA and Apple are conniving with one another. As the Foreign Ministry put it, "The hidden data collection was carried out through software vulnerabilities in U.S.-made mobile phones. The U.S. intelligence services have been using IT corporations for decades in order to collect large-scale data of Internet users without their knowledge."

Position spoofing and sanctions evasion.

Tankers carrying Russian oil are having their movements concealed by Automatic Identification System (AIS) spoofing. The purpose of the deception appears to be, the New York Times reports, evasion of international sanctions against Russia. Why would the tankers spoof their locations? If tracking data revealed the ships' movements from Russian to customers' ports, that would be evidence of a prohibited breach of sanctions sufficient to void the vessels' insurance coverage, and no shipper wants that.