Learning lessons on the battlefield (and failing to learn them).
Ukraine at D+616: Understanding the positional nature of the war.
Heavy Russian shelling of towns has killed more civilians, and Ukraine expects more attacks against its infrastructure as winter approaches, the Guardian reports.
"Russia has likely lost at least four long range Surface-to-Air Missile (SAM) launchers to Ukrainian strikes over the last week. On 26 October 2023, Russian media reported that three Russian SA-21 launchers had been destroyed in the Luhansk region," the UK's Ministry of Defence wrote in this morning's situation report. "Ukrainian sources reported additional Russian air defence losses in Crimea. Russia has long prioritised ample, high-tech, long range SAM systems as a key component of its military strategy. The recent losses highlight that Russia's Integrated Air Defence System continues to struggle against modern precision strike weapons and will highly likely increase the already significant strain on remaining systems and operators. There is a realistic possibility that as Russia replaces the destroyed systems in Ukraine it will weaken its air defences in other operational areas."
Contrasting command styles in a "positional" war.
General Valerii Zaluzhnyi, Ukrainian Commander-in-Chief, yesterday offered his assessment that the war has become "positional," the Institute for the Study of War (ISW) reports. General Zaluzhnyi sees the keys to victory as air superiority (by which he means enough drones to overwhelm Russian air defenses), mine breaching (in depth), more artillery counterbattery fire, building up reserves, and increasing electronic warfare capability. Radio Free Europe | Radio Liberty quotes General Zaluzhnyi as saying, "The simple fact is that we see everything the enemy is doing, and they see everything we are doing. In order for us to break this deadlock, we need something new." Intelligence, especially OSINT, has so far outstripped OPSEC that operational and even tactical surprise is now very difficult to achieve.
On the other side, Russian Chief of the General Staff and theater commander General Gerasimov seems prepared to continue frontal assaults against Avdiivka, this time led by infantry supported by artillery. The choice of infantry assaults seems driven by the heavy losses in combat and tactical vehicles Russia sustained around Avdiivka during October's fighting. The open-source project GeoConfirmed puts Russian vehicles lost or damaged there since October 9th at a minimum of 197.
The ISW sees the contrasting approaches of the opposing commanders--reflective willingness to learn and apply lessons on the one side, repetition of costly failed tactics on the other--as a defining feature of the war so far. "The Russian General Staff is in principle responsible for learning lessons, adapting Russian doctrine, and disseminating lessons and new approaches throughout the force. Chief of the Russian General Staff Army General Valery Gerasimov is ultimately responsible for this failure both in his capacity as chief of the Russian General Staff and as overall theater commander. The contrast between Gerasimov’s failure in this regard and General Zaluzhnyi’s thoughtful and public evaluation of the challenges facing Ukraine and the solutions to them is notable."
Turla deploys some new tools.
Turla, the threat group operated by Russia's FSB that's also known as "Venomous Bear," "Pensive Ursa," "Uroburos," or just plain "Snake," has long operated against Ukraine. Palo Alto Networks' Unit 42 has observed Pensive Ursa (their preferred name for the threat actor) using "an advanced and stealthy .NET backdoor" called "Kazuar." The backdoor has been deployed against the Ukrainian defense sector, where, as the Ukrainian CERT reported in July, it has been used to gain access to sensitive systems and information. Kazuar uses compromised legitimate websites for command-and-control, which makes its infrastructure resistant to takedowns, and it carries stealth and anti-analysis features that complicate detection and reverse engineering. Unit 42 offers an extensive account of the forty distinct commands Kazuar supports and provides a list of indicators of compromise that defenders can check against their own telemetry.
Hacktivist auxiliaries dox a Russian air force lieutenant colonel.
Members of the "Cyber Resistance" continue their practice of doxing Russian officers, in this case an air force lieutenant colonel. The officer is deputy commander of radar unit 41520 and bears some responsibility for aircraft maintenance. They rag him as a "war criminal" and a "future major," but he seems to have been a simple target of opportunity, doxed because he happened to be doxable. The files released as proof-of-hack aren't terribly interesting from an intelligence point of view: an image of his identity book, a copy of his car insurance document, some correspondence with an unhappy contractor, in short, the typical spiritual impedimenta of a humdrum mid-grade officer's life. It's embarrassing to be doxed, to be sure, and no doubt fun for the Cyber Resistance to count coup against some poor schlub, but is this sort of activity worth it, assuming nothing more sensitive than the guy's insurance bundle was obtained? Or have you blown your TTPs for little more than some mildly humiliating red-teaming?
By the way, the insurance documents show that the lieutenant colonel drives a Kia Sportage. Is that still allowed? Shouldn't he be tooling around in a Lada Granta? A patriot would be.