Ukraine at D+235: Russia resumes drone strikes and nuisance-level cyber ops.
Oct 17, 2022

Russia resumes drone strikes (with Iranian-supplied drones) against Ukrainian cities. Ukraine strikes Russian border region. DDoS and ransomware hit targets in Ukraine, Poland, and Bulgaria. The attacks are in the Russian interest, but have not achieved more than a nuisance effect.

The BBC reports that explosive drones hit Kyiv, Mykolaiv (where they set sunflower oil storage tanks afire), Sumy, and Dnipro. Drone strikes continued against civilian targets in Kyiv Monday morning, the AP reports.

Explosions of an undetermined type hit the Russian region of Belgorod, home to numerous Russian military staging and support areas. Whether they were missile, air, or special operations strikes, the New York Times says, is at present unknown.

Ukrainian forces continue to hold the Donbas town of Bakhmut, the objective of a limited Russian offensive, Al Jazeera reports.

Russia's partial mobilization--effectively its draft, albeit covered with the fig leaf of individual reserve activation--continues to be chaotic, and its unpopularity grows. The New York Times describes ill-prepared, untrained, and poorly equipped troops being fed into combat within days of their conscription.

Drone bombardment continues, but Russia may be running low on long-range strike weapons.

Sunday morning's situation report from the MoD concentrated on Russia's rapid expenditure of long-range and (relatively) precise weapons. "On 10 October 2022, Russia probably fired more than 80 cruise missiles into Ukraine. President Putin claimed the strikes were in retaliation for the attack on the Kerch Bridge. Ukraine’s defence ministry reported that more than half of the projectiles were shot down, but dozens struck Kyiv and other population centres, killing civilians and damaging civil infrastructure. Russia’s defence industry is probably incapable of producing advanced munitions at the rate they are being expended. These attacks represent a further degradation of Russia’s long-range missile stocks, which is likely to constrain their ability to strike the volume of targets they desire in future."

With Russia expending ammunition faster than it can be replenished, Iran is emerging, the Washington Post reports, as an increasingly important supplier of the Russian armed forces. The drones are vulnerable to air defenses, and, according to ABC News, France has become the latest Western nation to promise quick shipment of air-defense systems to Ukraine.

Short-term effects of the damage to the Kerch Bridge.

"Logistical issues faced by Russian forces in southern Ukraine have likely become more acute following damage to the Kerch Bridge on 08 October 2022," the UK's Ministry of Defence (MoD) said this morning. "Repair efforts are ongoing, and it is open to some traffic. However, a large queue of waiting cargo trucks remains backed up near the crossing. Russian forces operating in southern Ukraine are likely increasing logistical supply flow via Mariupol in an attempt to compensate for the reduced capacity of the Kerch Bridge. With the Russian presence in Kherson strained, and the supply routes through Crimea degraded, the ground line of communication through Zaporizhzhia Oblast is becoming more important to the sustainability of Russia’s occupation. The city of Melitopol is a junction of supply routes and hosts a major Russian aviation presence."

Corruption aggravates Russian logistical shortfalls.

On Saturday the UK's MoD offered a bleak assessment of the state of equipment on display in the Russian reserves now being deployed to Ukraine. It's below the low standards of the Russian regulars who conducted the initial invasion. "Contingents of mobilised Russian reservists have been deployed to Ukraine over the last two weeks. Their average level of personal equipment is almost certainly lower than the already poor provision of previously deployed troops." The analysts focus on body armor, and they see shortages as induced by endemic corruption in the Russian military. "Many reservists are likely required to purchase their own body armour, especially the modern 6B45 vest, which is meant to be on general issue to combat units as part of the Ratnik personal equipment programme. This vest has been selling on Russian online shopping sites for 40,000 roubles (approx. USD $640), up from around 12,000 roubles (approx. USD $190) in April. In 2020, the Russian authorities announced that 300,000 sets of Ratnik body armour had been supplied to the Russian military, which was ample to equip the force currently deployed in Ukraine. Endemic corruption and poor logistics remain one of the underlying causes of Russia’s poor performance in Ukraine."

"Prestige" ransomware sighted in attacks on Polish and Ukrainian targets.

Microsoft on Friday reported detecting a novel strain of ransomware the company is calling "Prestige." The campaign deploying Prestige has afflicted organizations in Poland and Ukraine, specifically targeting the transportation and related logistics sectors. "The enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks," the researchers wrote, adding that, "The Prestige ransomware had not been observed by Microsoft prior to this deployment."

Who's behind the effort is unclear, but Microsoft sees some circumstantial signs of a connection to Russia, though these fall short of justifying an attribution. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)." HermeticWiper was used in the opening days of Russia's invasion of Ukraine against targets in that country and also in Latvia and Lithuania, Reuters observes. Microsoft is tracking the threat actor involved as "DEV-0960."

The attackers used stolen credentials to gain access to the systems they hit. There are indications that the credentials had been stolen some time ago, in advance of the ransomware's deployment, and this suggests that the attackers were timing the attacks for unknown reasons of their own. The ransomware infections were all accomplished within an hour. Microsoft summarized the outlook for future attacks: "The threat landscape in Ukraine continues to evolve, and wipers and destructive attacks have been a consistent theme. Ransomware and wiper attacks rely on many of the same security weaknesses to succeed. As the situation evolves, organizations can adopt the hardening guidance below to help build more robust defenses against these threats."

Distributed denial-of-service attacks interfere with Bulgarian websites.

On Saturday Bulgaria's Prosecutor General blamed Russian operators for a distributed denial-of-service (DDoS) attack that disrupted Bulgarian government websites. Radio Free Europe | Radio Liberty reports that "Prosecutor-General Ivan Geshev described it as a 'serious problem,' calling it 'an attack on the Bulgarian state.' In addition to the president’s office, the distributed denial of service (DDoS) attack paralyzed the websites of the Defense Ministry, the Interior Ministry, the Justice Ministry, and the Constitutional Court." The attack traffic appeared to originate from the Russian city of Magnitogorsk, and the Bulgarian news service Dnevnik says that Russia's KillNet threat group claimed responsibility. Like Poland, Bulgaria has aligned itself with Ukraine during Russia's war.

Mr. Musk tweets his intentions to continue to subsidize Starlink for Ukraine (probably).

"The hell with it …" SpaceX founder Elon Musk tweeted Saturday, "even though Starlink is still losing money & other companies are getting billions of taxpayer $, we’ll just keep funding Ukraine govt for free." CNBC cautiously mentions that it's not clear that the tweet was free of sarcasm, and so perhaps it would be good to wait to see whether the subsidy continues. Mr. Musk did follow his original tweet with an indelicate remark to the effect that the comments on that particular thread amounted to a conspiracy theorist's unusually vivid erotic dream. An essay in TechCrunch argues (under the headline "Starlink isn’t a charity, but the Ukraine war isn’t a business opportunity") that the company should provide more transparency on costs, and that governments should arrange support adequate to meet Ukraine's wartime needs.