Amid uncertainty with respect to the next phase of Russia's war in Ukraine, Russia officially draws closer to cybercriminal groups serving as privateers and auxiliaries. Killnet attacks NATO networks supporting earthquake relief in Turkey and Syria.
Ukraine at D+354: Operational uncertainty.
Fighting continues around Bakhmut, where, according to the New York Times, a "Free Russian Legion" is fighting for Ukraine. The troops are said to be a mixture of ethnic Russians from Ukraine and Russian citizens who've crossed to join Ukraine out of disaffection with their government's invasion of that country. The Times summarizes, "They have taken up arms against Russia for a variety of reasons: a sense of moral outrage at their country’s invasion, a desire to defend their adopted homeland of Ukraine or because of a visceral dislike of Russia’s president, Vladimir V. Putin. And they have earned enough trust from Ukrainian commanders to take their place among the forces viciously fighting the Russian military." On the other hand, NATO Secretary General Stoltenberg says the Russian offensive has already begun, and cites heavy Russian casualties as evidence for that assessment.
The New York Times offers an appreciation of both sides' strategic and operational plans. Russia hopes for a symbolic tactical victory in Bakhmut, and also hopes that Ukraine's Western support will wear out over the course of the year, giving Russia's superior numbers an opportunity to be felt. Ukraine is looking for opportunities to retake ground in the "land bridge" linking Russian occupied territory, including Crimea and the Donbas.
Reassessing the possibility of a Russian offensive.
A Russian offensive around the first anniversary of the invasion remains likely, but Ukrainian sources, who'd earlier warned of the possibility, now report mixed signals with respect to Russian intent. According to the Kyiv Post, Andriy Chernyak, of the Ukrainian Defense Ministry's Main Intelligence Directorate, said "Russian command does not have enough resources for large-scale offensive actions. The main goal of Russian troops remains to achieve at least some tactical success in eastern Ukraine.”
The Wall Street Journal reports that Ukraine believes Russia has paused plans for further mobilization lest those interfere with the ability to carry out an offensive this month. Major General Vadym Skibitsky, deputy head of Ukrainian military intelligence, said, "They are preparing for the second wave of mobilization, but we believe that they will postpone it because they have not tackled all the challenges encountered during the first wave. They were not ready for such a large-scale mobilization then, and neither are they ready now,"
Russian occupation forces dig in amid operational uncertainty.
The UK's Ministry of Defence this morning speculated about the purpose of Russian defensive preparations. "As of 07 February 2023, open source imagery indicated Russia had likely further bolstered defensive fortifications in central Zaporizhzhia Oblast, southern Ukraine, particularly near the town of Tarasivka. As of 08 January 2023, Russia had established defensive fortifications between the towns of Vasilyvka and Orikhiv, Zaporizhzhia Oblast. Despite the current operational focus on central Donbas, Russia remains concerned about guarding the extremities of its extended front line. This is demonstrated by continued construction of defensive fortifications in Zaporizhzhia and Luhansk oblasts and deployments of personnel. Russia’s front line in Ukraine amounts to approximately 1,288 km with the Russian-occupied Zaporizhzhia oblast frontline at 192 km. A major Ukrainian breakthrough in Zaporizhzhia would seriously challenge the viability of Russia’s ‘land bridge’ linking Russia’s Rostov region and Crimea; Ukrainian success in Luhansk would further undermine Russia’s professed war aim of ‘liberating’ the Donbas. Deciding which of these threats to prioritise countering is likely one of the central dilemmas for Russian operational planners."
The Special Military Operation, as seen by Russia's Ministry of Defense and the Wagner Group.
On Saturday morning the UK's Ministry of Defence offered an update on the state of Russian recruiting in prisons, and the related likelihood of a further more general mobilization. "On 09 February 2023, Wagner Group head Yevgeny Prigozhin stated that Wagner had halted its prisoner recruitment scheme. Data from the Russian Federal Penal Service had already suggested a drop-off in the rate of prisoner recruitment since December 2022. News of the harsh realities of Wagner service in Ukraine has probably filtered through to inmates and reduced the number of volunteers. A key factor in the termination of the scheme is likely increasingly direct rivalry between the Russian Ministry of Defence and Wagner. The regular Russian military has likely now also deployed the vast majority of the reservists called up under ‘partial mobilisation’. The Russian leadership faces the difficult choice of either continuing to deplete its forces, scale back objectives, or conduct a further form of mobilisation."
Wagner Group capo Yevgeny Prigozhin has said, Reuters reports, citing a Friday post in Semyon Pegov's now-shuttered Russian milblog, that Russia is unlikely to realize its objectives in Ukraine this year. Those objectives are assumed to be control of Donetsk and Luhansk. Prigozhin said: "As far as I understand, we need to close off the Donetsk and Luhansk republics and in principle that will suit everyone for now. If we have to get to the Dnipro, then it will take about three years." It's worth noting that Russian President Putin formally annexed not only Donetsk and Luhansk, but also Kherson and Zaporizhshia in September. Russian forces control only portions of those territories at present. Mr. Prigozhin, in that same interview, also disclaimed any political ambitions, but this seems unlikely. An appreciation of his career in the Guardian sees him as a potential rival to President Putin, but that Mr. Prigozhin's reputation may also serve Mr. Putin's interests. "Prigozhin is intentionally hyped up as a bogeyman," Russian insiders say, on background, "to be presented to Russian audiences who fantasise about regime change. The warning is clear: if Putin goes, things could be worse."
Russian general officer casualties have made an impression on China and India.
Japanese intelligence estimates the number of Russian generals killed in action during the special military operation at more than twenty, which is over double the estimates US and British intelligence have arrived at. Nikkei Asia reports that this high senior casualty rate and the underperformance of Russian weapons have "unnerved" both China and India, which have historically depended upon Russian designs and organizational concepts in their own militaries. The senior officer casualties are attributed to effective Ukrainian targeting, to which both cyber intelligence and reports from a hostile local populace have contributed. The two governments have reacted differently. India has engaged in high-level talks with the US. "China appears to have quietly begun providing military support to Russia," a senior Japanese official says.
Casualties among other ranks are also rising.
The UK's Ministry of Defence reported Sunday that Russian casualties have risen to rates not seen since the opening days of this invasion, almost a year ago. Over the past two weeks, Russia has likely suffered its highest rate of casualties since the first week of the invasion of Ukraine. The Ukrainian General Staff release daily statistics on Russian casualties. Although Defence Intelligence cannot verify Ukraine’s methodology, the trends the data illustrate are likely accurate. The mean average for the last seven days was 824 casualties per day, over four times the rate reported over June-July 2022. Ukraine also continues to suffer a high attrition rate. The uptick in Russian casualties is likely due to a range of factors including lack of trained personnel, coordination, and resources across the front – this is exemplified in Vuhledar and Bakhmut."
Killnet claims a DDoS attack against NATO earthquake relief efforts.
The Russian cyber auxiliaries of Killnet claimed over the weekend, “We are carrying out strikes on Nato. Details in a closed channel.” The boast referred, the Telegraph reports, to a distributed denial-of-service attack that's disrupted NATO communications with NATO aircraft delivering humanitarian relief supplies to earthquake-stricken regions of Turkey and Syria. “NATO cyber experts are actively addressing an incident affecting some NATO websites. NATO deals with cyber incidents on a regular basis, and takes cyber security very seriously," a NATO representative said. The effects of the attacks appear to have been limited, and were contained after a few hours.
Killnet and its partners establish a new pro-Russian darknet forum.
Radware has reported that Killnet and its partners in the Deanon Club, working together as the Infinity Team, have established Infinity, a dark net forum that caters to cybercriminals. "The forum offers advertisement spaces, paid status for those who want to perform business on the forum, and is currently offering a variety of hacking resources and services through its hack shop, including DDoS services." The Infinity Team claims to operate from Belarus, and it makes its resources available to "all pro-Russian threat groups," providing a special section where they can post their own content. "These groups include," Radware says, "Beregini, Zarya, RaHDIt, XakNet, DPR Joker, and NoName 057(16)." The forum, and others like it, offer a way for hacktivists to combine patriotism with criminal profit. "If Infinity forum becomes successful, it will produce a windfall of profits for the pro-Russian hacktivist threat groups," Radware concludes.
Not all Russian hackers have been aligned with government policy. Le Monde reports that mobilization has driven a noticeable fraction of Russian cyber talent to flee the country. Hacker-flight represents a special case of a more general wave of people--military-age men, mostly--leaving the country to avoid mobilization.
Naming and shaming.
Wired sees recent US and UK sanctions against Trickbot as representing a new kind of action against ransomware operators: individuals are being named. This brings a greater degree of specificity to sanctions than complaints against government (in this case Russian) agencies.
Whatever the effects of naming and shaming might be, they're unlikely to extend to Russian government action against cybercriminals. According to the Russian outlet Govorit Moskva, which sources its story to TASS, the Duma is considering legal immunity for "hackers acting in the interest of Russia." Alexander Khinshtein, head of the Duma committee on information policy, said last week, “We are talking about, in general, working out the exemption from liability of those persons who act in the interests of the Russian Federation in the field of computer information both on the territory of our country and abroad." The details will be made public once they're worked out.