Ukraine at D+6: Shocking and awful.
N2K logoMar 2, 2022

Russia's unexpectedly slow advance grows more brutal and indiscriminate. In cyberspace, Ukraine seems to be giving as good as it's getting.

Ukraine at D+6: Shocking and awful.

Sanctions are hitting Russia hard. Cyber conflict continues at a low level.

Forces on the ground.

Russia's invasion of Ukraine has proceeded at a slower pace than Russia (and most foreign analysts) had expected. While Russia's operations enter a new, more brutal phase in which cities and their civilian populations are subjected to heavy fire, its forces have shown themselves unable to achieve and sustain the operational tempo necessary to quick victory. Defense News suggests there are five basic reasons for this:

  1. Failure to communicate commander's intent. It's thought that President Putin didn't share his intentions with his senior field commanders, and that this has left them poorly directed, struggling to anticipate changes in plans.
  2. Failure to fight as they had trained. Cyber and electronic warfare, thought to be important to Russian combat doctrine and capabilities, haven't shown up in force. Logistical planning, preparation, and execution have all fallen far short of what was necessary. (The US Department of Defense has stressed the importance of logistical failure as a root cause of poor Russian battlefield performance, the Stars and Stripes reports.)
  3. Overconfidence. Russia expected swift victory, and Ukrainian resistance caught them off-guard. That overconfidence seems to have been amplified by intelligence failures. (One intelligence failure other publications, like the Army Times, have noted is Russia's having overlooked the use Ukraine would make of armed drones.)
  4. Ineffectual use of air power. This ought to have represented a key Russian advantage, but it hasn't developed as such. (The Telegraph puts this down to "overconfidence" that was subsequently overtaken by events, but Russian failure to achieve air supremacy quickly and decisively remains baffling.)
  5. "Europe's surprising response." European governments have displayed a spine Moscow has long thought they lacked.

There are other problems. You go to war, of course, not only with the army you have, but also with such allies as you can attract. In Russia's present case that ally comes down, basically, to Belarus, and President Lukashenka's assistance hasn't always proceeded happily. The Telegraph reports that the Byelorusian leader appears to have revealed Russian plans that might extend combat operations to other neighboring countries, notably Moldova. Those plans may be unreal, preliminary, or otherwise predecisional, but putting about the notion that the war could spread is unlikely to be the sort of message President Putin would want to send.

A failure of Western intelligence, at least in some of its think-tank manifestations, is also in evidence: the Russian army is apparently far less capable than most had believed.


The UK and the US have continued to denounce the Russian war in Ukraine in ever harsher terms, the Telegraph reports, but no one should expect much conciliation from Russian Foreign Minister Lavrov, who remains as obdurate as his master. The AP characterizes Mr. Lavrov as "Minister No," and says he's been that way for a long time.

One effect the Russian war is having was certainly not intended: NATO membership has never looked more attractive.

Russian cyberattacks against Ukraine were under preparation for some time before the invasion.

SecurityWeek has an update on ESET's research into Russian cyberattacks against Ukrainian targets. The company says it's detected a worm, HermeticWizard, that's spreading HermeticWiper, which, as its name suggests, is data-erasing malware. ESET has also found HermeticRansom in the wild, which adds a capability for extortion to the campaign. CrowdStrike has also detected the Go-based ransomware, which it's calling "Party Ticket," but which it confirms is the same malware as HermeticRansom. Kaspersky assesses the ransomware as misdirection for the wiper campaign, which would be consistent with Russian practice at the outset of the war against Ukraine.

Deep Instinct puts the timing of the Hermetic campaign into the context of the onset of the Russian invasion, and it offers the following assessment and prediction:

"The ongoing Russian-Ukrainian conflict is already causing a significant escalation in the quantity and scope of attacks from many, disparate parties. Elevated activity is being seen from state-sponsored groups, non-state-sponsored actors, and by independent hacktivists like the Anonymous group. 

"The unprecedented raft of sanctions enacted against Russia may invoke further retaliation and response in the form of cyberattacks by Russian-based organized cybercrime groups and state-sponsored or contracted actors. We have already seen several cyber gangs supporting Russia threaten to use their resources to strike back against nations and organizations that may coordinate cyberattacks against Russia. 

"We estimate the ongoing physical conflict escalation combined with the new sanctions will lead to a higher risk profile; this will be heightened for sectors associated with sanctions and have high economic or national security value. These may include financial services, aviation and aerospace, energy, and critical infrastructure.  

There are reports of "local" Russian jamming of GPS in and around Ukraine, but so far, Breaking Defense reports, their effect seems relatively contained. US support operations in particular are said to be unaffected.

Ukraine and its sympathizers strike back against Russia in cyberspace.

Ukraine has shown some ability to attract hacktivists and volunteer hackers to its cause, the Wall Street Journal reports, and Vice describes some of their activities, many of which have taken the familiar form of vandalism, defacing websites and performing other mischief.

Of arguably more significance have been signs that Ukraine has been able to obtain, and publish, material from online Russian sources. Ukrainska Pravda reports that "The Centre for Defence Strategies has acquired the names of 120,000 Russian servicemen who are fighting in Ukraine." These have been posted online. That's unlikely to have any tactical effect, but it can't be good for either morale or for Russian confidence in the security of its networks. There are also reports that some FSB files have been taken.

Laws of armed conflict in cyberspace.

The Wall Street Journal discusses the difficulties of applying the laws of armed conflict in cyberspace. The essay singles out three difficulties. First, many of the specific laws of war codified by treaty involve prohibitions of particular weapons (projectiles made of glass, chemical agents, biological agents, and so on). Second--and this will be a familiar point--attribution of cyberattacks is notoriously difficult. And, third, there's an argument some might make that the participation of non-state actors in cyber conflict tends to blur the lines between combatant and noncombatant, which is a central distinction in the law of armed conflict. Indeed, the murky purposes of non-state actors and the uncertain control under which they operate does indeed complicate attribution and accountability.

Some international law does seem clearly applicable to cyberspace. For example, Ukraine has posted video of Russian prisoners, which some argue represents a violation of the provisions of the Geneva convention that prohibit exposing prisoners of war to public humiliation and public curiosity. That's a charge that could, at least in principle, be adjudicated. On the one hand it might be a prohibited "insult" to the prisoners; on the other, it can be construed as a humanitarian gesture offering "proof of life" to prisoners' families. Military Times quotes an expert in international law whose best guess is that it's a misdemeanor-level offense.

Other statutory and customary laws of war would obviously come into play when cyberattacks have kinetic effects, particularly if those effects hit protected persons, or exhibit an undue lack of discrimination.

Some of the activity in cyberspace seems clearly permissible. Website or device defacements that say "Putin is a d**khead," as have been observed in Russia, don't present any obvious criminal case, no more than claims that the Russian President has now established himself as "the world's most toxic man." (Indeed, under some domestic legal systems, they might not even constitute a civil tort. Under US law, to take one example, truth is an absolute defense to an accusation of slander. Reflect on that in your dacha, President D**khead.)

Resilience under cyberattack.

WIRED reports that Ukrainian networks have proven more resilient than anticipated, even under Russian cyberattack. According to Space News, SpaceX has made a contribution in-kind to a more resilient Ukrainian Internet, delivering, as promised, a number of StarLink terminals and the services that go with them.

Big Tech pushes back against Russian disinformation.

Platformer gives the social networks generally favorable marks for being on the side of the angels during Russia's war against Ukraine. Here are some of the specific measures Big Tech has taken.

Apple is the latest Big Tech firm to shut out Russia. "We are deeply concerned about the Russian invasion of Ukraine and stand with all of the people who are suffering as a result of the violence," Reuters quotes an Apple representative as explaining. "We are supporting humanitarian efforts, providing aid for the unfolding refugee crisis, and doing all we can to support our teams in the region." MacRumors reports more of the company's statement:

"We have taken a number of actions in response to the invasion. We have paused all product sales in Russia. Last week, we stopped all exports into our sales channel in the country. Apple Pay and other services have been limited. RT News and Sputnik News are no longer available for download from the App Store outside Russia. And we have disabled both traffic and live incidents in Apple Maps in Ukraine as a safety and precautionary measure for Ukrainian citizens. We will continue to evaluate the situation and are in communication with the relevant governments on the actions we are taking. We join all those around the world who are calling for peace."

YouTube has banned Russian media outlets from its platform across Europe, POLITICO reports. Google Europe tweeted a terse explanation: "Due to the ongoing war in Ukraine, we’re blocking YouTube channels connected to RT and Sputnik across Europe, effective immediately. It’ll take time for our systems to fully ramp up. Our teams continue to monitor the situation around the clock to take swift action."

Facebook's corporate parent Meta has taken two steps: it's both demoting Russian media content as probable disinformation, and it's seeking to improve user safety with an encrypted Instagram messaging app. According to Protocol, Meta's President of Global Affairs sees the second move as particularly important. "We think it is essential, as long as this continues, that ordinary Russians can use our services to express themselves, organize and protest and reach out to family and friends in the wider community," Clegg explained. The downgrading of Russian media principally affects RT and Sputnik, which have generally come to be seen, particularly in Ukraine and the EU, as the most prominent vectors of Russian disinformation.

Denazification disinformation.

No one is really buying the Russian line that the war was necessary to "denazify" a genocidal Ukrainian fascist junta that was itself bent on Russia's destruction, and it's difficult to find much conviction anymore in the routine Russian diplomatic assertions (repeated in Russian domestic media) that, no, really, that's what's going on here.

If anything the memes have been reversed, with Russia generally regarded as a European aggressor not seen since the time of the actual Nazis in 1939. Ukraine's ambassador to the United Nations read a text he said had been intercepted in which a Russian soldier expressed bewilderment and disaffection: “There is a real war raging here. I am afraid. We are bombing all of the cities, together. Even targeting civilians. We were told that they would welcome us and they are falling under our armored vehicles, throwing themselves under the wheels and not allowing us to pass. They call us fascists, Mama, this is so hard.” The authenticity of the text is impossible to determine, especially the poignant touch that claims it was sent just before the soldier was killed. But this sort of claim will have legs in a way that calling President Zelenskyy a Nazi clearly does not.

Crowdsourcing a war economy.

The Atlantic Council reports that Ukraine is attempting, with some minor success, to crowdfund its war effort.

Sanctions and their effects.

The Moscow stock exchange remains closed in the longest shutdown since 1998. Bloomberg reports that the exchange closed over the weekend and has yet to resume trading as sanctions bite ever deeper into the Russian economy. According to Reuters the exchange will not reopen today.

The ruble itself has cratered under the effect of sanctions. One Russian ruble is currently worth, Business Insider reports, less than one US cent.

Commodities traders are avoiding Russian suppliers, and commodities' prices are consequently rising.

One well-known Russian company, and a company that has customers abroad because it produces a product that people actually want, is the cybersecurity firm Kaspersky. Kaspersky hasn't been free of suspicion of Kremlin influence (indeed, a few years ago its anti-virus products were excluded from US Government networks on the grounds that they allegedly collected too much information about the networks they protected). But in general Kaspersky has achieved international status as a normal company. Presently, according to Vice, Kaspersky is attempting a difficult balancing act: it's a Russian business trying to occupy a neutral ground in Russia's war against Ukraine. Founder Eugene Kaspersky's tweets include these: “We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn’t good for anyone." And, “Like the rest of the world, we are in shock regarding the recent events. The main thing we can do in this situation is provide uninterrupted functioning of our products and services globally.”