Ukraine at D+580: A turn in Russian cyberespionage.
Sep 27, 2023

Ukraine receives its first M1 Abrams tanks from the US, and ATACMS missiles are on the way. Russia appears to have committed its reserves as Ukraine continues its slow advance. The SSSCIP offers an assessment of Russian cyber operations that confirms a shift toward cyberespionage and suggests a guilty mind with respect to Russian atrocities.

The Institute for the Study of War (ISW) yesterday said that "the tactical situation in Verbove remains unclear as Ukrainian forces continued offensive operations in western Zaporizhia Oblast on September 26." There seems to be some deliberate Ukrainian advance, but its present extent is imperfectly known.

Elites become ordinary, and the operational reserve is committed.

The ISW also describes signs of interethnic tensions ("Russia is for the Russians," etc.) in the Russian army, but it's difficult to assess how serious these are, and whether the evidence cited represents a trend as opposed to a set of isolated incidents of the kind that occur from time to time in most of the world's armies.

The Institute does report one other development that was entirely foreseeable: Defense Minister Shoigu is moving to reequip Russian airborne forces as ordinary motorized rifle formations. This was inevitable, as the airborne units are committed to long-term service in the line as simple infantry and are not used as an elite force with great operational mobility.

Russia's newly organized 25th Combined Arms Army has now been committed. The UK's Ministry of Defence (MoD) wrote this morning, "Since mid-September 2023, Russia has highly likely committed elements of its new 25th Combined Arms Army (25 CAA) to action for the first time. The formation started moving into Ukraine from late August 2023. Units from two of 25 CAA’s manoeuvre components, 67th Motor Rifle Division and 164th Separate Motor Rifle Brigade, are reported to be fighting on the front in a sector west of Severodonetsk and Kreminna, along the border between Donetsk and Luhansk Oblasts." This is significant because it represents Russia's operational reserve. "Since the start of the invasion, Russia has only rarely maintained an uncommitted army-size grouping which could potentially form the basis of a major new offensive thrust. With 25 CAA apparently being deployed piecemeal to reinforce the over-stretched line, a concerted new Russian offensive is less likely over the coming weeks."

In cyberwar, the FSB is more active, but the GRU does more damage.

The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) has issued its report on the cyber phases of Russia's war for the first half of 2023. This assessment of Russian cyber activity comes in the wake of reports that Moscow's intelligence services are taking a close and focused interest in Ukrainian investigations of Russian war crimes. The FSB (notably its Gamaredon actor) has been the most prolific attacker of Ukrainian networks. Hacktivist auxiliaries acting under Russian government direction have also been active. But the most successful and damaging Russian actor in cyberspace has been the GRU, in the form of its Sandworm organization.

Ukraine continues to show considerable resilience in the face of Russian cyberattacks, and the devastating attacks against the country's infrastructure widely anticipated at the time of the invasion have fallen short of expectations. But as winter approaches, and as Russian state propagandists call for as much suffering as possible to be inflicted on Ukraine's civilian population, Bank Info Security reports that Kyiv's cyber defense efforts are turning to protection of critical infrastructure, especially energy infrastructure, during the coming months.

But concerns about cyberattacks against critical energy infrastructure are prospective. At present, as has been seen in Russian attempts to penetrate Ukrainian law enforcement and other investigative agencies, the focus of Moscow's organs seems to be on collection and influence as opposed to kinetic disruption. Computing notes a combination of advanced approaches and primitive, spray-and-pray tactics in current Russian campaigns.