Ukraine at D+158: Crowdsourcing a response to HIMARS.

This morning's situation report from the British Ministry of Defense (MoD) describes what appears to be a Russian tactical shift in the Donbas. "Over the last four days, Russia has continued to attempt tactical assaults on the Bakhmut axis, northeast of Donetsk, only managing to make slow progress. As briefed by the Ukrainian authorities last week, Russia is likely reallocating a significant number of its forces from the northern Donbas sector to southern Ukraine. Russia is probably adjusting the operational design of its Donbas offensive after failing to make a decisive operational breakthrough under the plan it had been following since April. It has likely identified its Zaporizhzhia front as a vulnerable area in need of reinforcement.

Saturday the MoD covered Russian preparations for annexation of occupied territory. "It is likely that Ukraine has successfully repelled small scale Russian assaults from the long-established front line near Donetsk city in the Donbas. In the Kherson area, Russian forces have highly likely established two pontoon bridges and a ferry system to compensate for the fact that nearby bridges have been damaged in recent strikes. Across the newly occupied territories in southern Ukraine, Russian-installed authorities are highly likely under increasing pressure from Moscow to consolidate their control over the region and prepare for referendums on joining Russia later in the year. Russia currently classes the occupied areas as under interim ‘civil-military administration’. Local authorities are likely coercing the population into disclosing personal details in order to compose voting registers." The MoD doesn't say so, but compilation of dossiers containing personal information is more useful in preparing target packages than it is in registering voters. Voter registration is hardly required for the sort of Potemkin referenda planned for the occupied territory.

The MoD's Sunday morning report reflected on Thursday's Russian missile strikes against Ukrainian cities and considers what they signify with respect to Minsk's position in the war--a number of the missiles were fired from Belarusian territory. "On 28 July 2022, Russia fired at least 20 missiles into northern Ukraine from Belarusian territory. This follows Russia’s use of Belarusian territory to launch the main thrusts of its failed attempt to take Kyiv in February. Belarusian President Aleksandr Lukashenko continues to follow Moscow’s line on the Ukraine conflict, stating on 21 July that Ukraine must accept Russia’s demands for the war to stop. His regime has become ever more authoritarian, with the expansion of the death penalty for ‘preparing terrorist acts’. His increasing and baseless accusations of Western designs on Belarus and Ukraine likely indicate that he has become almost wholly dependent on Russia." Belarus seems to have become at best a Russian satrapy.

War crimes and war crimes investigations.

The International Committee of the Red Cross, which under international law inspects prisoner-of-war camps, tweeted over the weekend that it had yet to be granted access to the Russian-operated Olenivka prison. "Granting ICRC access to POWs is an obligation of parties to conflict under the Geneva Conventions," the ICRC pointed out. About fifty Ukrainian prisoners of war are believed to have been killed at Olenivka last week. According to Reuters, Russia claims the prisoners died during a Ukrainian rocket attack, which Ukraine denies conducting. Ukraine charges the Russians with responsibility for both killing the prisoners and staging a provocation. Yahoo News summarizes the evidence that the killings were committed by Russian forces with the dual purpose of killing prisoners they did not wish to exchange (many of them were taken during the fighting at Azovstal) and of discrediting Ukrainian forces.

Hack-and-leak operation against Lockheed Martin threatened.

Sputnik tells the story from the side of the threat actors, who in this case represent the front group KillNet. The Kremlin outlet quotes the group's leader, known by the nom-de-hack "KillMilk, "Starting today, defense industry corporation Lockheed Martin will be a target of my cyberattacks… I am against weapons! I am against merchants of death." Lockheed Martin produces HIMARS rockets. Newsweek quotes another statement by the group: "The notorious HIMARS multiple launch rocket systems, supplied to Ukraine by the aforementioned military-industrial corporation, allow the criminal authorities of the Kiev regime to kill civilians, destroy the infrastructure and social facilities of the still temporarily occupied Ukraine." KillNet has been talking their campaign up for some time. On July 22nd the group said, "We are using a new type of attack, we have no equal in this area. This is a new technology that we are using for the first time against the world's largest arms manufacturer—Lockheed Martin." Sputnik says the operation will be a "hack-and-leak" campaign, and that KillNet has invited other groups to participate.

Killnet's leader departs, probably to form a new group.

The nominally hacktivist group Killnet, which since the beginning of the war against Ukraine has attacked Western targets in the Russian interest, may be undergoing a reorganization, or at least a change in leadership. SC Magazine reports that the threat actor's founder and leader, KillMilk, has said he intends to leave Killnet to form a new group. He'll be succeeded by someone with the nom-de-hack "BlackSide." BlackSide is said to be the administrator of a criminal special-access forum hosted on Tor. He's supposed to be a specialist in "ransomware, phishing, and theft from European cryptocurrency exchanges." KillMilk's departure is said to be connected to his group's threatened campaign against Lockheed Martin, which he expects to draw considerable adverse attention from law enforcement. He's said to be actively recruiting members for his new group.