Ukraine at D+368: The war's first anniversary passes.
Feb 27, 2023

The first anniversary of Russia's invasion passes, but marked by diplomacy and disinformation rather than the expected Russian offensive.

Action around the first anniversary of Russia's invasion of Ukraine has been limited to fighting around the towns of Kupiansk, Lyman, Bakhmut, Avdiivka and Shakhtar, Al Jazeera reports. The major Russian offensive widely expected around that anniversary has failed to materialize, but the past week and weekend have been marked by much diplomacy and disinformation.

Ukrainian President Zelenskyy yesterday relieved Major General Eduard Moskalyov, who had been serving as commander of the joint forces of Ukraine operating in the Donbas. According to Reuters, no reason was given for the relief.

Explosions in Russian-occupied Mariupol.

The UK's Ministry of Defence (MoD) this morning discussed explosions over the past week in Mariupol. "Since 21 February 2023, pro-Russian officials have reported at least 14 explosions around the Russian-occupied city of Mariupol. Sites of the incidents have included an ammo cache at the airport, two fuel depots, and a steel works that Russia uses as a military base. Mariupol lies at least 80km away from the front line. Russia will likely be concerned that unexplained explosions are occurring in a zone it had probably previously assessed as beyond the range of routine Ukrainian strike capabilities. Although widely devastated earlier in the war, Mariupol is important to Russia because it is the largest city Russia captured in 2022 that it still controls, and sits on a key logistics route."

Recently mobilized Russian troops suffer disproportionate casualties.

Russian losses in Donetsk are attributed by the UK's MoD to the inexperience of newly mobilized personnel, even in elite Naval Infantry organizations. "Imagery shows concentrated Russian vehicle losses in the Vuhledar sector of Donetsk Oblast. These vehicles were likely elements of Russia’s 155th Naval Infantry (NI) Brigade which has been at the forefront of recent costly offensives. NI is seen as an elite infantry force within the Russian military. Unlike the similarly prestigious airborne infantry (VDV), NI has not deployed as a single large formation in Ukraine. Instead, individual units have been attached to Ground Forces-dominated Groups of Forces. As such, NI has been tasked with some of the toughest tactical missions in the war and has suffered extremely high casualties. The supposedly enhanced capability of NI brigades has now almost certainly been significantly degraded because it has been backfilled with inexperienced mobilised personnel. This lack of experience is almost certainly exacerbating Russian officers’ tendency to micromanage, which in turn reduces operational agility. There is a realistic possibility that degraded NI units will again be committed to new assaults near Vuhledar."

Another indicator of high casualties is reported by Radio Free Europe | Radio Liberty: large stocks of coffins stacked at the airport in Novosibirsk.

Iran-supplied Shahed drones fade from the battlefield.

The MoD also reported, Saturday, that Russia seems to have run low on Iranian Shahed drones. "There have not been any reports of Iranian one-way-attack uncrewed aerial vehicles (OWA-UAVs) being used in Ukraine since around 15 February 2023. Prior to this, Ukrainian armed forces reported shooting down at least 24 Shahed-136 OWA-UAVs between late January and early February 2023; and scores were destroyed in the first few days of the year. This lack of OWA-UAV deployments likely indicates that Russia has run down its current stock. Russia will likely seek a resupply. Although the weapons do not have a good record in destroying their intended targets, Russia likely sees them as useful decoys which can divert Ukrainian air defences from more effective Russian cruise missiles."

Further assessments of the cyber phase of Russia's war so far...

As the war passed the first anniversary of Russia's invasion last week, the many assessments of Russian cyber operations offered agree that they fell far short of pre-war expectations. The poor results weren't from want of trying. "In the weeks before and immediately after Russia launched its war against Ukraine on February 24, 2022, Russia appeared to intensify its attacks in cyberspace, with distributed denial-of-service (DDoS) attacks, disruptive wiper malware, and misinformation campaigns," Security Week writes, adding a summary of industry consensus. "While everyone has been concerned about highly disruptive and even destructive cyberattacks against Ukraine’s critical infrastructure, there have been no reports of a major incident to date, and Ukraine continues to improve its cyber defense capabilities."

Axios speculates that a lack of serious, crippling Russian cyberattacks against the Western countries that have supported Ukraine is due to effective deterrence. That is, Russia was restrained from hitting NATO members in a serious way because Moscow was wary of provoking more retaliation in cyberspace than it could handle. Against this it should be noted that Russian auxiliaries and privateers have been active against Western targets, but have achieved little more than nuisance effects in the form of distributed denial-of-service (DDoS) attacks, ransomware, and a few defacements: inconvenient, but not crippling or destructive. Those attacks seem largely to have been carried out by criminal groups acting as either privateers or auxiliaries. The Russian intelligence services seem to have engaged mostly in conventional espionage.

It's also important to note that while Russian offensive cyber action against Ukraine has been heavy, and marked by the intelligence services' attempts at disruptive attacks (using wipers, for example), there too it's failed to achieve significant results. Ukrainian resilience has blunted much of the Russian cyber offensive's effects. ESET offers a history of wiper attacks over the course of the war, and also notes that "many of the attacks have been detected and thwarted." CyberScoop draws attention to the success of Ukrainian defensive measures, which have certainly blunted the effects of the wipers and other attempts to influence the outcome of the war in cyberspace. In general, in the Washington Post's assessment, it would seem that the advantage in cyberspace has shown signs of shifting toward the defenders.

...but they're accompanied by continuing cautions against complacency.

Foreign Policy concludes that one of the casualties of Russia's war has been Russia's own cybercriminal ecosystem, disrupted by the loss of easy collaboration with (or at least non-interference by) criminal colleagues from other nations in the post-Soviet Near Abroad. Their essay quotes Georgia Tech professor Nadiya Kostyuk: “Throughout the war, the Kremlin used the internet to collect information and intelligence,” she said. “Russia’s invasion in Ukraine demonstrated that cyberconflict is less about being an important virtual combat theater but more about being a separate set of intelligence contests and information operations.”

That could change, however, and one of the possibilities Foreign Policy raises is described by Samantha Lewis, manager of strategic geopolitics at Recorded Future’s Insikt Group. “There is always the threat that they’ve been withholding capabilities. I would be shocked if we were to find out that Russia had actually used the best of its best,” Lewis said. “I don’t think Putin’s threat calculus has changed, and I think that the [Russian] strategy of continuing this protracted conflict until the West gets bored of supporting [Ukraine is] … more likely. But the concern is that if at some point they just decide they are going to launch those withheld operations, if they do exist, that sort of does keep me up at night.”

Thus organizations are advised to stay alert, as CISA cautioned last week in a renewed Shields Up warning. The Canadian Centre for Cybersecurity issued a comparable warning Friday: "The Communications Security Establishment (CSE) is urging Canadian organizations to be vigilant and prepared for potential malicious cyber activity following the one-year mark of Russia’s full-scale invasion of Ukraine. CSE’s Canadian Centre for Cyber Security (Cyber Centre) is specifically warning Canadian organizations and critical infrastructure operators to be prepared for the possible disruptive and defacement of websites by cyber threat actors aligned with Russian interests. The Cyber Centre continues to remind the Canadian cyber security community – especially the operators of government and critical infrastructure web sites – to adopt a heightened state of vigilance, and to bolster their awareness of and protection against malicious cyber threats." The Cyber Centre draws Canadians' attention to these resources and bits of advice; people in other countries can profit from them as well:

  1. "Joint cyber security advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure
  2. "The Cyber Centre’s Top 10 IT security actions to protect internet connected networks and information including to Consolidate, monitor, and defend Internet gateways; and Isolate web-facing applications.
  3. "The Cyber Centre’s awareness series publication on Website defacement
  4. "Joint Cyber Security Advisory Technical approaches to uncovering and remediating malicious activity
  5. "Review perimeter network systems to determine if any suspicious activity has occurred.
  6. "Review and implement preventative actions outlined within the Cyber Centre’s guidance on protecting your organization against denial of service attacks;
  7. "Report any cyber incidents to the Cyber Centre."

Nuisance-level hacktivism comes from Ukraine, too.

TechCrunch reports that members of the pro-Ukrainian hacktivist group CH01 defaced a series of Russian websites with images of a burning Kremlin, a song by Kino, and a QR code that directed visitors to CH01's Telegram channel, where the group had posted its brief manifesto: "Hacker group CH01 in solidarity with the entire civilized world, in order to restore justice and the triumph of the forces of light and goodness, on the anniversary of the terrorist invasion of dictatorial Russia into a strong and independent Ukraine, we declare cyber war on dictatorship and totalitarianism and the idiocy of Putin’s criminal regime. Let the prophecy come true…”

Latest rounds of sanctions include Russian cyber companies.

On Friday the US Treasury Department issued a new round of sanctions. Some of the companies named in the announcement are said by Treasury to have provided intelligence, IT support, and cybersecurity services to the Russian government: 0Day Technologies, Forward Systems R&DC, Novilab Mobile, AO Russian High Technologies, and ZAO Akuta. The European Union on Saturday also issued new sanctions--its tenth round. The sanctioned organizations include some media outlets regarded as complicit in distributing Russian disinformation. 

One significant international organization also took action against Russia Friday. The Wall Street Journal reports that the Paris-based Financial Action Task Force (FATF), an intergovernmental body that establishes anti-money-laundering standards, suspended Russia's membership in the organization. T. Raja Kumar, FATF president, said, “All of these measures effectively mean that Russia is sidelined from the organization and will remain suspended.” Russia denounced its suspension as "unfounded," adding that it "does not follow the established procedures and goes beyond the mandate of the organization.”

Private sector assistance to Ukraine.

Private sector organizations from many countries have helped Ukraine defend itself from Russian attacks. The Atlantic Council this morning published a description of how public-private partnership for cyberdefense has evolved over the course of the war. IT World Canada offered an overview that names some of the companies that have provided conspicuous support to Ukrainian resilience. "Separately, since the war began, Microsoft, Google, Amazon, Mandiant, ESET, Palo Alto Networks, Cisco Systems and other IT companies have donated software, threat intelligence and countered misinformation to augment Ukraine’s capabilities. They helped the government and the Ukrainian hacker underground that emerged."

The Professional Services Council (PSC), an association of more than four-hundred "small, medium, and large businesses that provide [US] federal agencies with services of all kinds, including information technology, engineering, logistics, facilities management, operations and maintenance, consulting, international development, scientific, social, environmental services, and more," has published a summary of assistance its members have rendered to Ukraine during Russia's war. Much, but not all, of that assistance has been for cyber defense, rendered in conjunction with US agencies. "American contractors have partnered with agencies across the U.S. federal government to provide critical services that help Ukraine in sectors from agriculture and energy to social and legal services, from support to refugees and internally displaced peoples to digital and IT assistance," the PSC wrote.