Ukraine at D+420: The future of hacktivist auxiliaries.
N2K logoApr 20, 2023

Russia reports Ukrainian "probes" on the ground, as shake-ups in Russian security forces and hacktivist auxiliaries proceed.

Ukraine at D+420: The future of hacktivist auxiliaries.

Ukraine continues to prepare for its long-awaited counteroffensive, and Russia continues to prepare its defensive lines even as it continues to feed troops into the ruined city of Bakhmut. Russian sources say, the Telegraph reports, that their positions have been "probed" by Ukrainian forces.

NATO support for Ukraine.

On his first visit to Kyiv since Russia's invasion, NATO Secretary General Jens Stoltenberg said that Ukraine deserved to be a member of the Atlantic Alliance. “Let me be clear, Ukraine’s rightful place is in the Euro-Atlantic family,” the AP quotes Stoltenberg as telling a press conference. “Ukraine’s rightful place is in NATO.” He added that NATO support programs would help transition Ukraine away from its old Soviet roots. “This will help you transition from Soviet-era equipment and doctrines to NATO standards and ensure full interoperability with the alliance,” Stoltenberg said. “NATO stands with you today, tomorrow and for as long as it takes.”

The US announced yesterday another round of supplies for Ukraine, valued at up to $325 million. The US will deliver:

  • "Additional ammunition for High Mobility Artillery Rocket Systems (HIMARS);
  • "155mm and 105mm artillery rounds;
  • "Tube-Launched, Optically-Tracked, Wire-Guided (TOW) missiles;
  • "AT-4 anti-armor weapon systems;
  • "Anti-tank mines;
  • "Demolition munitions for obstacle clearing;
  • "Over 9 million rounds of small arms ammunition; 
  • "Four logistics support vehicles;
  • "Precision aerial munitions; 
  • "Testing and diagnostic equipment to support vehicle maintenance and repair;
  • "Port and harbor security equipment;
  • "Spare parts and other field equipment."

The latest commitment represents the thirty-sixth such drawdown of US materiel since Russia's invasion began.

Russian combat forces are reorganizing...

"On 18 April 2023, the Kremlin issued a press release on President Putin’s visit to Russian-occupied southern Ukraine. Using the Russian spelling of Ukraine’s Dnipro river, the release described the president as having visited the ‘Dnipr Group of Forces’," The UK's Ministry of Defence writes in this morning's situation report. "This is one of the first references to the existence of a Dnipr Group of Forces (DGF). Russia uses the term ‘group of forces’ in a specific way, indicating a large, task-organised operational formation. Early in the invasion, the Russian force was organised into groups of forces each aligned to their home military districts in Russia, for example, the Western and Central Groups of Forces. The existence of an apparently new DGF suggests that the original force organisation has evolved, probably due to heavy losses. DGF’s mission is likely to defend the southern sector of the occupied zone, and especially the south-western flank which is currently marked by the Dnipro river."

...and so are Russia's security organs.

The Institute for the Study of War reports that Russia's FSB is undertaking a comprehensive overhaul of the country's security apparat, apparently in response to a growing concern about leaks and security breaches. "Russian state-controlled outlet TASS reported on April 19 that the FSB and the Main Directorate of the Security Service of the Ministry of Internal Affairs (MVD) have been conducting mass checks at the Moscow Central District Internal Affairs Directorate and several Moscow district police offices for the past several weeks due to 'the leakage of data from Russian security forces at the request of Ukrainian citizens.'" Police departments appear to be the focus of what amounts to an incipient purge. "Another Russian source noted that the FSB and MVD have already detained police officers as part of this investigation. Russian outlets reported that the suspected police officers leaked personal data on Russian security forces to external individuals, some of whom are Ukrainian citizens. The reported FSB and MVD raids on the Moscow police departments are occurring against the backdrop of a series of arrests and dismissals of prominent members of Rosgvardia (Russian National Guard) leadership. The Kremlin may be pushing for such arrests and investigations in order to conduct an overhaul of the domestic security apparatus to oust officials who have fallen out of Kremlin favor and consolidate further control of internal security organs." That's certainly possible, and there's plenty of historical precedent in Russia for this sort of purge. But the possibility that the security organs are spooked by leaks is also a real one.

Update on the Discord Papers case.

The US has also had recent difficulty with leaks. Jack Texiera, the Air National Guardsman alleged to have taken and leaked the Discord Papers to a small group of young and besotted followers on the gamer social platform, has been charged, is in custody awaiting trial, and has yet to enter a plea. The New York Times, which has published a review of where the case stands, comments on the apparent motive, which appears to be devoid of the usual elements of ideology or political commitment, and also of any compromise or financial gain. The motive seems to have been as simple as a desire to show off in front of online friends.

Belarus arrests a pro-Russian hacktivist.

The head of Anonymous Russia, a young man who went by the nom-de-hack "Raty," has according to KillNet been arrested by Belarusian authorities, Flashpoint reports. It's worth noting that this particular group is not the Anonymous that's sought to pester Russia, but rather an alternative organization devoted to Russia's cause, and operating as a kind of junior partner to KillNet. KillNet has said it would appoint a new leader for Anonymous Russia. The reconstituted group will concentrate on two things:

  • "They declared a 'war on CIA rats'—an expression that, in their reading, means pro-Ukrainian hacktivist groups such as the 'IT Army of Ukraine', a group of pro-Ukrainian hacktivists formed shortly after Russia’s 2022 invasion, which is specifically named in one of the channel’s messages. The mention of this trope, lifted from Russian propaganda, is likely meant to confirm the new group’s pro-Kremlin credentials. 
  • The group also announced that it would transform itself into a DDoS-for-hire group that “anyone can purchase.” However, it also specified that the project would 'be aimed at dark-web too'. This latter announcement suggests that Anonymous Russia will perform DDoS attacks against darknet markets similarly to Killnet.

It's unclear why Raty was arrested, but KillNet was quick to identify and, Forcepoint says, dox him. The reconstituted Anonymous Russia seems to be moving, along with its better -known and more active bigger colleague KillNet in the direction of a profit-making enterprise. Last month KillNet said that it was organizing itself as a private cyber operations corporation along the lines of the Wagner Group, the notorious private military corporation. The rise of Wagner-like groups in cyberspace was the subject of a warning this week by the UK's NCSC, which, the Record reports, is warning that such groups are expected to represent a particular threat to critical infrastructure.

Poland describes current Belarusian information operations.

Polish authorities say that a major propaganda campaign by the Belarusian group Ghostwriter was detected on April 18th. Attribution was unusually quick, and Poland has taken steps to control any damage. "The group's goal in Poland is to disrupt the country's relations with its allies," the Record reports, "including Ukraine, the U.S., and NATO countries, according to Poland’s Ministry of National Defense. The group’s campaigns have also aimed to foment social unrest among Polish citizens."