Ukraine at D+187: Ukrainian counteroffensive against Kherson.
N2K logoAug 30, 2022

Ukraine announces its long-anticipated counteroffensive against occupied Kherson with a warning that urges Russian troops to flee. (Russia maintains that all is still going according to plan, but at this point "keep calm and keep on" sounds like a rhetorical exercise in unlikely insistence.) Montenegro works to recover from a major Russian cyberattack against its infrastructure, more consequential than most other cyber action during the present hybrid war.

Ukraine at D+187: Ukrainian counteroffensive against Kherson.

Ukraine begins its counteroffensive in the Kherson zone.

The long-anticipated Ukrainian counteroffensive toward Kherson, near the Black Sea coast, began overnight. “If they want to survive – it’s time for the Russian military to run away. Go home,” Ukrainian President Zelenskyy said in his nightly address. “Ukraine is taking back its own.”

The UK's Ministry of Defence offered observations this morning on the opening phase of Ukraine's counteroffensive. "From early on 29 August 2022, several brigades of the Ukrainian Armed Forces increased the weight of artillery fires in front line sectors across southern Ukraine. Ukrainian long-range precision strikes continue to disrupt Russian resupply. It is not yet possible to confirm the extent of Ukrainian advances. However, since the start of August, Russia has made significant efforts to reinforce its force on the western bank of the Dnipro River around Kherson. The Southern Military District’s (SMD) 49th Combined Arms Army has highly likely been augmented with components of the Eastern Military District’s (EMD) 35th Combined Arms Army. Most of the units around Kherson are likely under-manned and are reliant upon fragile supply lines by ferry and pontoon bridges across the Dnipro. This integration of SMD and EMD units suggests a significant reorganisation of Russia’s force in Ukraine. There is a realistic possibility that Russia has moved to rationalise the several, semi-independent, operational commands which contributed to its poor performance early in the invasion. If Ukraine succeeds in undertaking sustained offensive operations, the cohesion of this untested structure will likely be a key factor in the sustainability of Russian defences in the south."

While "intense fighting" and breakthroughs into Russian-held positions have been reported, Ukrainian officials have cautioned against premature optimism, predicting a long, protracted struggle.

For its part, official Russia says the Ukrainian offensive has already failed. Kremlin mouthpiece Dmitry Peskov said: “The special military operation continues, it continues methodically, and in co-ordination with the current plans. All objectives will be fulfilled."

Questions about Russian command and reconstitution.

TheHill reports that the US Department of Defense doubts that Russia will be able to meet the recruiting objectives Russian President Putin announced late last week. A Defense official told reporters that Russia is “unlikely to succeed, as Russia has historically not met personnel end strength targets.” Even reaching those numbers might not make much difference in the field, the official added: “Many of these new recruits have been observed as older, unfit and ill trained. So what this all suggests to us is that any additional personnel Russia is able to muster by the end of the year may not, in fact, increase overall Russian … combat power."

Defense Minister Shoigu may have worn out his welcome with the boss. The Telegraph reports that President Putin is increasingly bypassing Mr. Shoigu, both receiving reports from, and giving directions to, his generals directly.

Montenegro works to recover from a Russian cyberattack.

The cyberattack against Montenegrin infrastructure, which the government has attributed to Russia, appears to have been both extensive and consequential. "Targets include electricity and water supply systems, transportation services, online portals that citizens use to access various state services, and more," BleepingComputer writes. Power plants have switched to manual operations, and many government IT services have been taken offline to contain the effects of the attack. The country's Minister of Public Administration was at pains to reassure citizens that their data were safe: “Although certain services are currently temporarily disabled for security reasons, the security of the accounts of citizens and business entities and their data is not in any way endangered.”

The Record reports that France has responded to requests for assistance by sending a team from the National Agency for the Security of Information Systems (ANSSI) to assist Montenegro with recovery efforts. Montenegro's Defense Minister Raško Konjević blamed Russia, suggesting that only Russia had a motive to hit government IT systems. “Who could have some kind of political interest in inflicting such damage on Montenegro? I think there is enough to suspect that Russia is behind the attack,” Euractiv quotes Konjević as saying.

Other Eastern European states deemed enemies of Russia have recently sustained cyberattacks, mostly nuisance-level DDoS campaigns, in recent weeks. Targets have included networks in Moldova, Slovenia, Bulgaria, and Albania. The effects of the attack against Montenegro seem more serious than most of what's been so far seen in Russia's hybrid war.

Russian streaming platform sustains a data leak.

The Record reports that the Russian streaming service START, which supplies content to users in at least one-hundred-seventy-four countries, disclosed Sunday that it has sustained a data leak. How serious that leak was START hasn't said, but the Russian Telegram channel Information Leaks, which published screenshots purporting to be proof-of-hack, says the leak amounted to seventy-two gigabytes and included data on forty-four-million customers. According to the Record, "The leaked information includes usernames, email addresses, hashed passwords, IP addresses, users’ countries of registration, subscription start and end dates, and the last login to the service." Most of the affected users are thought to be in Russia, but substantial minorities are from Kazakhstan, China, and Ukraine. Those responsible for the incident (and it's unclear who they are, and whom they might be working for, other than themselves) claim they got the information from an exposed MongoDB database.