Ukraine at D+554: Taking the war into occupied territory.
Sep 1, 2023

Drone wars, long-range strike, obstacle breaches, and cyber lessons learned. As Ukraine continues its push in the south, observers marvel at the success Russia's nuclear saber-rattling has achieved.

The Wall Street Journal reports that Ukrainian advances in Zaporizhia have been consolidated, and are now being expanded through Russian prepared defenses in ways that would support large and rapid mechanized advance.

The Institute for the Study of War yesterday afternoon noted continued Ukrainian advances in Donetsk (near Bakhmut) and Zaporizhia. The Ukrainian General Staff and Ukrainian Deputy Defense Minister Hanna Malyar claimed "unspecified success" in both areas. One advantage Ukrainians have developed is a clear superiority in counterfire capability, that is, the ability to target and neutralize Russian artillery without, at least according to longstanding Russian complaint, any serious Russian counterbattery capability.

Drone war, and the significance of domestic production.

Ukraine has been able to deliver drone strikes well into Russian rear areas, and well inside Russia proper, at least as far east as Moscow. Ukrainian President Zelenskiy said, Radio Free Europe | Radio Liberty reports, after strikes that hit Russian airfields in Pskov and elsewhere, that his country had developed weapons with a range of at least 700 miles, with the demonstrated ability to hit targets at that range. Domestic production is important, as Ukraine has told its international suppliers that it won't use the weapons it receives from them in operations against Russia proper. Al Jazeera reports that "Mykhailo Podolyak, adviser to the head of the Office of the President of Ukraine, said that calls to avoid attacks on Russian territory were 'strange' and would only 'encourage Russia to continue its aggression... Nevertheless, Ukraine strictly adheres to the obligation not to use the weapons of its partners to strike Russian territory,' he said."

Fear of provoking Russia to further escalation persists among Western supporters of Ukraine, but this is a matter of deterrence, not international law: there is no reason why legitimate military targets inside Russia should be immune to attack during a defensive war. An essay in the Atlantic Council's UkraineAlert describes the success of Russian nuclear threats. "Although Russia’s nuclear threats suffer from obvious credibility problems, the extreme reluctance of many in the West to test Moscow’s resolve means that these tactics have nevertheless been highly effective in restricting or delaying the delivery of military aid to Ukraine. While the quantity and quality of weapons supplied to Ukraine has steadily increased throughout the past eighteen months, every stage in this process has been marked by hesitation and procrastination."

Ukrainian drones have become a growing threat to Russian airfields and air traffic generally. Several Russian airports have been closed briefly over recent weeks because of Ukrainian drone activity, and Kazakhstan's aviation ministry yesterday issued a safety of flight warning for Russian airspace.

Lines of communication into occupied Crimea.

The UK's Ministry of Defence looked this morning at the Kerch Strait bridge, and the measures Russia has taken to defend that vital yet fragile link to Crimea. "The Kerch Strait is a bottleneck for military logistics support to Russian forces in occupied areas of Kherson and Zaporizhzhia Oblasts. Russia is heavily reliant on the Crimean bridge and ferries to cross the Straits." The defensive measures it's put in place range from blockships and booms to smoke generators and air defense batteries, intended to protect the structure from both marine and aerial drones. "Russia is employing a range of passive defences such as smoke generators and underwater barriers, alongside active defence measures such as air defence systems, to strengthen the survivability of water crossings and minimise damage from future attacks. The bridge's importance for both logistics and symbolism of Russian occupation mandates these extensive protection measures. As of 29 August 2023, imagery confirms Russia has created an underwater barrier of submerged ships and containment booms to deter against Uncrewed Surface Vehicle (USV) attacks against the Crimean Bridge. At the southern part of the bridge, this includes several vessels 160 metres apart. These are located at the same place as the Ukrainian 'Sea Baby' USV attacks on 17 July 2023. Previously, in September 2022, the Russian Navy briefly trialled radar decoys on barges for several days, likely to deter radar seeking missiles. Other countermeasures to protect the bridge include the use of TDA-3 truck-mounted smoke generators, with an exercise conducted on 24 May 2023. This smoke was activated to deter incoming air threats on 12 August 2023."

Cyberwar lessons learned.

As reminders of Sandworm (that is, GRU) attempts at cyberespionage against Ukrainian military targets continue to expose this most recent set of Russian tactics, tools, and procedures, AFCEA's SIGNAL publishes reflections on lessons learned from the war's cyber phases. Ukraine has generally been successful in defending itself against Russian cyber operations, but it was in many respects a near-run thing, with success stemming from a mix of preparation, improvisation, and urgent hard work. Early in the war Ukrainian authorities worked to relocate essential data and services abroad, beyond the reach of Russian kinetic attack. Cloud services became vital, but many government agencies in particular were unprepared for cloud migration. International cooperation, with both friendly governments and the private sector, was important (and would have been eased by some preparatory work to overcome inevitable language barriers).

Much of the successful improvisation, especially with respect to cloud migration and physical relocation, was made possible by anticipatory preparation. Thus two major lessons are, first, prepare, and second, cultivate and exercise partnerships. But the biggest lesson is this: Russian offensive cyber capabilities were grossly overestimated.

The present state of hacktivism is probably its future state as well.

ReliaQuest has taken a look at what it regards as a resurgence of hacktivism, and it finds this resurgence driven largely by Russia's war against Ukraine. The new hacktivists are not the independent actors of Anonymous's early days (indeed, Anonymous proper has faded away). Instead, they're state-inspired and state-directed, sometimes as more-or-less regular auxiliaries like the IT Army of Ukraine, sometimes as semi-criminal organizations, and sometimes as simple fronts for state intelligence services. Groups like KillNet and various privateering gangs represent the distinctive Russian contribution to this hacktivist resurgence. "The lines of attribution between threats are blurring," ReliaQuest writes. "It’s becoming increasingly difficult for security researchers and defenders to distinguish between cybercriminal, nation-state, and hacktivist activity, with many of these groups using similar techniques or deliberately obfuscating their identities." Distributed denial-of-service (DDoS) attacks have become the predominant mode of hacktivist activity, and hacktivists have become increasingly accustomed to using commodity malware available in underground fora. And, of course, hacktivism will continue to provide opportunities for nation-states to hide behind deniable front groups: "It is also likely that nation-state groups will similarly obfuscate their activity by masquerading as hacktivists, either from the outset or by leaving hacktivist-aligned artifacts to throw off defenders’ attempts at attribution."