Ukraine at D+74: Victory Day (but not for this war).
May 9, 2022

President Putin's Victory Day speech doubles down on denazification and preemptive defense of the Motherland, but announces no new directions. More sanctions have been imposed on Russia, and hacktivists on both sides continue nuisance-level actions.

The British Ministry of Defence (MoD) situation map shows mostly static lines in the Donbas and along the Azov coast, with some signs of Ukrainian advance into contested areas, especially in the north around Kharkiv. The Guardian reports that Ukrainian forces have advanced to the point where Kharkiv will soon be out of Russian artillery range (maximum range is between 20 and 40 kilometers, depending upon the caliber and the ammunition being fired).

This morning's situation report from the MoD proposes a matériel explanation for Russia's indiscriminate use of firepower: it expended its precision munitions early in the war, and now depends on older, cheaper, unguided munitions. "At the onset of its invasion of Ukraine, Russia publicly promoted its ability to conduct surgical strikes and limit collateral damage. It stated that Ukrainian cities would therefore be safe from bombardment," which takes Russian official statements at their word. "However, as the conflict continues beyond Russian pre-war expectations, Russia’s stockpile of precision-guided munitions has likely been heavily depleted. This has forced the use of readily available but ageing munitions that are less reliable, less accurate and more easily intercepted. Russia will likely struggle to replace the precision weaponry it has already expended. Russia’s invasion of Ukraine has revealed shortcomings in its ability to conduct precision strikes at scale. Russia has subjected Ukraine’s towns and cities to intense and indiscriminate bombardments with little or no regard for civilian casualties." There seems, however, little reason to credit Russian protestations of intent to wage a properly discriminate war. The reduction of cities by fire began early in the conflict.

President Putin's Victory Day celebration.

President Putin's Victory Day address neither announced victory in Ukraine nor signaled a formal declaration of war and attendant full mobilization, but he did claim that Moscow was fighting a defensive "inevitable" war against literal Nazis who were once again threatening Russia. “The threat was growing day by day. It was the correct, timely, and absolutely only possible decision,” the Telegraph quotes Mr. Putin as saying of his decision to begin the special military operation. "Ukraine" itself was not mentioned in the speech, although Donbas was, repeatedly, called out as a place where Russians were fighting for the motherland. Newsweek reports some of President Putin's remarks: "NATO countries did not want to listen to us. They had different plans, and we saw it. They were planning an invasion into our historic lands, including Crimea. It was a threat we couldn't accept, it was a threat directly to our border. Everything showed that we are dealing with Nazis and we have to do something about it. There was a threat that was growing day by day. We had to do something, we had to do something and we did it—it was the only right solution we could take. It was a decision taken by a sovereign and strong country."

The parade in Moscow, while still large by any reasonable standard, was smaller than most recent Victory Day parades. No foreign dignitaries were invited this year, according to the New York Times. Bloomberg notes one interesting absence from state media's coverage of the annual parade: the chief of the general staff, General Valery Gerasimov, was nowhere in evidence.

Russian hacktivism hits German targets and threatens the UK.

Der Spiegel has reported that Russian-aligned hacktivists ("Putin-fans" as the paper's headline calls them) have claimed cyberattacks that temporarily disrupted websites belonging to airports, the Defense Ministry, the Bundestag, Federal Police, and some state (Länder) police authorities. The group calls itself "Killnet," and counted coup over its Telegram channels. Killnet is of relatively recent origin, and has specialized in distributed denial-of-service (DDoS) attacks, mostly at a nuisance level. The threat actor has been active against Romanian targets since early in Russia's war against Ukraine, and it's recently threatened to retaliate against British support for Ukraine by shutting down ventilators in UK hospitals. The threat against the UK was prompted by the British arrest in Tottenham of a Romanian resident in Britain on charges connected with the earlier cyberattacks against Romanian targets. Killnet's communique read: "If he is not released within 48 hours I will destroy your Romania, Great Britain and Moldova. I will destroy your entire information structure and even your Ministry of Health. All ventilators will be attacked. Only then will you begin to realise the mistake you have made." Killnet seems unlikely to be able to make good on this particular threat. Still, shields up.

Russian diplomatic account apparently hijacked.

The Telegraph reports that Russia's consul general in Edinburgh, Andrey Yakovlev, posted his opposition to Russia's war against Ukraine to his Instagram account. The now-removed post read, "I categorically condemn the behaviour of the military special operation of the Russian Armed Forces against the sovereign, independent Ukraine. I fully support any assistance to the Ukrainian Armed Forces from EU countries." The Russian consulate told the Telegraph, "Our account was hacked. It has already been deleted." The consulate added in its Twitter account, "False information was posted about the position of the leadership of the foreign institution."

A number of news outlets cheerfully picked up Mr. Yakovlev's alleged post and retailed it with the consulate's denial well below the fold (see, for example, Newsweek). In this case, however, the Russian Foreign Ministry is almost certainly telling the truth. That a Russian diplomat would take such a public position in opposition to his own government is pretty far-fetched. That he would do so without immediately thereafter defecting and asking for asylum is beyond belief. Sure, strange events permit themselves the luxury of occurring, as a movie detective used to say in the 1930s, but this event would really just be too strange.

Tracking Cobalt Strike servers used against Ukraine.

IronNet has followed up on CERT-UA's April 18th alert #4490, which described a Russian Trickbot campaign using an urgent message about Mariupol's Azovstal steel works as its phishbait. The goal, IronNet explains, was the installation of "a Cobalt Strike beacon on the victim's system through the use of a[n] MS Office macro." The researchers offer an account of how the threat actors used Cobalt Strike, and do so with a view to understanding how this tool is likely to be turned to malicious use in the future. They found that malleable profiles were used by the threat actors, and they observed both a JQuery profile (commonplace) and a minimal defender bypass profile (more novel, and only recently observed in the wild) in use. The report concludes:

"It’s clear that the ease of use and flexibility that Cobalt Strike provides is one of the main reasons that it remains so prevalent amongst threat actors. Reflecting on the analysis of our dataset matched with the indicators provided in the UA CERT alert, there are a few open questions remaining. First, we see less sophisticated threat actors still deploy Cobalt Strike servers with little to no OPSEC, allowing even the most basic detections of C2 frameworks. Thus, will threat actors continue to forgo OPSEC concerns as long as they continue to dominate victims with high success rates?

"Second, we wonder whether the majority of threat actors will utilize open source malleable profiles or a malleable profile generator like C2 Concealer that takes static attributes from a list and combines them to a single profile? Furthermore, do threat actors take into consideration the environment they are targeting when selecting a malleable profile, or are they simply choosing a popular service they know will thwart most defenders? Answers to these questions will be beneficial to detecting Cobalt Strike servers in the future."

Advice from Estonia's former president on fending off Russian cyberattacks.

Kersti Kaljulaid, former president of Estonia, recalled Russia's earlier cyberwar against her country and offered an opinion on why the world hasn't seen more Russian cyberattacks during the present hybrid war against Ukraine. It's like a decision not to jam: the intelligence Moscow is probably getting, she told the Record, is probably more valuable than the results of a large-scale cyberattack would be.

"There are various reasons," she said, "and not the smallest and not to be ignored is that they get open-source intelligence from Ukrainians online. They’re probably regularly scanning whether they have any hope of seeing Ukrainians’ willingness to fight wane. I’m quite sure that they’re also doing a lot with their capabilities to make sure that the Ukrainian willingness starts to wane. We shouldn’t be naive about that. They also need these communications to keep going on and I’m quite sure they are also using it. It would be very weird if they didn’t."

The attempt to undermine Ukrainian willingness to resist, apart from the brutally direct destruction of cities by artillery, is manifest in various influence operations. One current disinformation campaign, being propagated over pro-Russian Telegram channels, maintains that Poland intends to annex western Ukraine, and brandishes a forged letter (circulated by Gossip Girl) to that effect. (At the end of the Second World War the Soviet Union moved Ukraine's border west into what had been Polish territory, and Poland's border west into what had been German territory, but there's little to no evidence of any serious revanchist sentiment in either Poland or Germany.)

The loss of a single tank is not a major defeat (and no one system is, by itself, a war-winner).

The Telegraph over the weekend drew attention to Russia's first loss of its newest main battle tank. "'Invincible' Russian tank equipped with exploding armour destroyed by Ukrainian troops," the headline ran. "Russia debuted its T-90M tank 'Breakthrough-3' in combat for the first time during its invasion of Ukraine but analysts are underwhelmed."

The British Ministry of Defence devoted its Saturday situation report to comment on such Russian equipment losses and what that will mean for its prospects of reconstituting its units. "At least one T-90M, Russia's most advanced tank, has been destroyed in fighting. The T-90M was introduced in 2016 and includes improved armour, an upgraded gun and enhanced satellite navigation systems." The loss of a single tank, however advanced, isn't a disaster, but the point is that effective operations require combined arms, and no single superweapon can be expected to be a war-winner. "Approximately 100 T-90M tanks are currently in service amongst Russia's best equipped units, including those fighting in Ukraine. The system’s upgraded armour, designed to counter anti-tank weaponry, remains vulnerable if unsupported by other force elements. The conflict in Ukraine is taking a heavy toll on some of Russia’s most capable units and most advanced capabilities. It will take considerable time and expense for Russia to reconstitute its armed forces following this conflict. It will be particularly challenging to replace modernised and advanced equipment due to sanctions restricting Russia’s access to critical microelectronic components."

Russia's war against Ukraine has exposed its army's "incompetence and barbarity," in the Washington Post's harsh but accurate judgment, and there is some speculation that the country's Defense Minister, Sergei Shoigu, might be held to account for what are retrospectively obvious failures in training, doctrine, organization, and leadership. The forces he presided over seem to have amounted to "a Potemkin military," one grossly overestimated by the Western powers it threatened, a CEPA essay argues.

The Kremlin, with silence, takes back Mr. Putin's (alleged) apology to Israel.

That apology President Putin was said to have offered Israel last week, the one that regretted Foreign Minister Lavrov's excursus on Hitler's supposed "Jewish blood"? Never happened, the Kremlin effectively said, releasing what it insisted was a complete transcript of the call between President Putin and Prime Minister Bennett. There was no apology in that transcript, Newsweek reports. A statement by Israel's Foreign Ministry after the call had said, "The Prime Minister accepted President Putin's apology for Lavrov's remarks and thanked him for clarifying his attitude towards the Jewish people and the memory of the Holocaust."

Nazi nyet; Mizi da?

A military analyst speaking on Russian state television called for "military socialism" as the only solution to the stresses of supplying and sustaining the special military operation. "Our current economical market system is unfit to meet the needs of our Armed Forces and of the entire country under these conditions. We need to move on to another system, I will tentatively call it 'military socialism' but any other title could also be used," Newsweek quotes Konstantin Sivkov as saying during a Saturday broadcast. This would involve central planning and central control: "all strategic resources, without exceptions, like land, factories and everything else have to be placed under government control and develop according to a centralized plan." The observations, and others like them, were probably stalking horses intended to prepare the Russian people for full mobilization. Compare Lenin's "war communism."

The war seems to be proving expensive. A different Newsweek article cites an estimate by SOFREF to the effect that the special military operation is costing Russia some $900 million a day. Russia's war is obviously brutally expensive, but $900 million seems high. Still, Russia's ability to sustain the war does seem to be under severe strain. Losses, expenditure of ordnance, and the costs of logistics have all been heavy.

G7, US Treasury Department announce new sanctions.

Yesterday the US Department of the Treasury announced a fresh round of sanctions which it characterizes as "sweeping action against Russia’s war efforts." Banks and some financiers are on the new list, as is a state-owned weapons manufacturer, but of particular note is the inclusion of "three of Russia’s state-controlled television stations that generate revenue for the state." Channel One Russia, Television Station Russia-1, and Joint Stock Company NTV Broadcasting Company are now under US sanctions. What it means for the media outlets in particular is a severe curtailment of their ability to sell advertising. The sanctions will also, the Wall Street Journal points out, prohibit US firms from offering the sanctioned entities consulting services. (For now, the Russian firms can still hire lawyers, although that too could change.)

Also yesterday, Reuters reports, the G7 nations committed themselves to phasing out the importation of Russian oil.

Sanctions like those the US Treasury Department imposed can have a significant ripple effect. A desire to avoid the disruption to business that running afoul of US sanctions would entail has led a growing number of Chinese firms to quietly withdraw from the Russian market, according to the Wall Street Journal.