Ukraine at D+161: Botnet taken down.

Ukraine continues to use Western-supplied systems to effect as its counteroffensive continues. In the information wars, a large Russian botnet is taken down.

The UK's Ministry of Defence (MoD), in this morning's situation report, highlights the continuing effect of Ukrainian fires against Russian logistics, as Ukrainian forces continue to work toward isolation of the battlefield. "Ukraine’s missile and artillery units continue to target Russian military strongholds, personnel clusters, logistical support bases and ammunition depots. This will highly likely impact Russian military logistical resupply and put pressure on Russian military combat support elements." Russian defensive measures recently emplaced to divert incoming missiles are unlikely to have their desired effect. "Russian forces have almost certainly positioned pyramidal radar reflectors in the water near the recently damaged Antonivskiy Bridge and by the recently damaged nearby rail bridge, both of which cross over the Dnipro River in Kherson, southern Ukraine. The radar reflectors are likely being used to hide the bridge from synthetic aperture radar imagery and possible missile targeting equipment. This highlights the threat Russia feels from the increased range and precision of Western-supplied systems." The GMLRS rockets fired by HIMARS don't depend on synthetic aperture radar for guidance.

The MoD is optimistic that the arrival at the Bosphorus of the first grain ship to pass the Black Sea under a recently negotiated agreement may be the first of many more, but a great deal of food remains blocked in Ukraine. "On 03 August 2022, the first vessel with Ukrainian grain arrived at the Bosphorus Strait having transited the Black Sea from Odesa. It is almost certain the success of this transit will result in more frequent transits in both directions. Clearing the backlog caused by the blockade that has been in place since February 2022 will remain a logistical challenge."

UN to investigate deaths of Ukrainian prisoners in Russian camp.

The Guardian reports that the United Nations will investigate the killing of a large number of Ukrainian prisoners at the Russian-operated camp in Olenivka, in Donetsk. It would be, the UN says, a "fact-finding mission." Should international inspectors, journalists, and other investigators gain direct access to Olenivka, they're likely to encounter Russian-fabricated evidence that the prisoners died in a Ukrainian strike. The AP reports the US assessment of the likely Russian disinformation. A source in the US Intelligence Community says there's evidence that Russian forces are planting HIMARS rocket fragments collected elsewhere at the site. Euromaidan describes why the imagery Russian forces have provided in support of their claims of a Ukrainian strike shows damage that's not really consistent with a HIMARS strike.

Ukraine claims to have taken down a massive Russian bot farm.

The Security Service of Ukraine (SSU) says it dismantled a large Russian botnet operation that was being used to spread Russian propaganda and disinformation. The bots, about a million strong, were herded from locations within Ukraine itself, in the cities of Kyiv, Kharkiv, and Vinnytsia, BleepingComputer reports. Their output took the form of social media posts from inauthentic accounts associated with fictitious personae. The SSU describes the operation as follows: "Their latest ‘activities’ include the distribution of content on the alleged conflict between the leadership of the President’s Office and the Commander-in-Chief of the Armed Forces of Ukraine as well as a campaign to discredit the first lady. To spin destabilizing content, perpetrators administered over 1 million of their own bots and numerous groups in social networks with an audience of almost 400,000 users. In the course of a multi-stage special operation, the SSU exposed the leader of this criminal group. He is a russian citizen who has lived in Kyiv and positioned himself as a ‘political expert.’"

On the other side of the information war, BleepingComputer also reported earlier this week that Ukrainian hacktivists, "Torrents of Truth," were bundling instructions on how to bypass Russian censorship into movie torrents whose intended audience would be Russian viewers.

Were Russian cyber operations premature?

The Washington Post offers another contribution, informed by both Ukrainian sources and Western cyber experts, to the discussion of why Russian cyber operations have fallen short of pre-war expectations: the Russians may have jumped the gun with their January 14th wiper attacks. The attacks were disruptive, but they also may have blown access the Russians had established in Ukrainian networks. While access can be blown (and so can attack tools), access itself can also be re-established, so this seems at best a partial explanation of a temporary loss of capability. Still, offensive cyber operations are difficult to conduct successfully, and so premature execution may have resulted in some loss of capability. Ukrainian defenders are also thought to have learned from the advance Russian preparation program, and to have hardened their position in cyberspace accordingly.