Ukraine at D+188: Cyber ops continue during Ukraine's counteroffensive.
Aug 31, 2022

Ukrainian forces continue to retake ground in the region around Kherson. Cyber irregulars in Belarus and Ukraine strike against Russian interests. And ordinary cyber crime continues in Ukraine during wartime (and so does ordinary cyber law enforcement). 

Ukraine's counteroffensive in the South advances.

The UK's Ministry of Defence this morning reported that Ukraine's counteroffensive in the vicinity of Kherson is gaining ground as Russia seeks to reconstitute its forces with hastily trained recruits and reserves. "Ukrainian armoured forces have continued to assault Russia’s Southern Grouping of Forces on several axes across the south of the country since Monday. Ukrainian formations have pushed the front line back some distance in places, exploiting relatively thinly held Russian defences. In line with its doctrine, Russia will likely now attempt to plug the gaps in its line using pre-designated mobile reserve units. These will likely include some of those from the Eastern Grouping of Forces. Russia continues to expedite attempts to generate new reinforcements for Ukraine. Volunteer battalions of the new 3rd Army Corps had departed their home base near Moscow by 24 August, highly likely for onward deployment to Ukraine. The operational effectiveness of these units is not known. The 3rd Army Corps is highly likely short of personnel and these troops have had limited training."

The campaign to retake Kherson and surrounding territory is seen, the Wall Street Journal reports, as a test case of Ukrainian capability and resolve. Should it succeed, it will open up other territory to recapture, including the Crimean peninsula, occupied by Russia since 2014. The tactics employed have relied heavily on isolation of the battlefield to prevent Russian forces in key defensive positions around Kherson from being either withdrawn or resupplied. US Department of Defense officials told POLITICO that Ukrainian forces had succeeded in taking down bridges over the Dnipro, effectively cutting off Russian forces west of that river, and that Ukrainian forces had "a good chance" to retake territory lost in the initial stages of Russia's invasion. How Russia will respond should Ukraine's counteroffensive succeed remains unclear, but the sidelining of Defense Minister Shoigu suggests, the Telegram notes, a crisis in command.

UN inspectors arrive in Zaporizhzhia.

As International Atomic Energy Agency (IAEA) inspectors arrive in Zaporizhzhia to assess the safety and security of the large nuclear plant (currently under Russian control and Ukrainian operation), Kyiv accuses Moscow of shelling villages around the facility. The AP reports that the IAEA says its team has been granted safe passage by Russian forces, and given a promise that they'll be permitted to carry out their inspection, expected to take several days, and the New York Times describes the inspection as the most complicated the IAEA has ever undertaken.

Fears of a nuclear accident persist. According to the BBC, the European Union has shipped quantities of potassium iodide pills, "anti-radiation tablets," to Ukraine. Potassium iodide is taken to inhibit the absorption, by the thyroid of exposed people, of iodine-131, a radioactive isotope that represents the prime cause of cancer. Five-and-a-half-million tablets have been shipped.

Belarusian Cyber Partisans claim to have a complete Belarusian passport database.

The Belarusian Cyber Partisans, a dissident group opposed to the continued rule of President Lukashenka, claimed yesterday to have obtained a complete database of all Belarusian passports. They describe their caper like this: "For the 1st time in human history a #hacktivist collective obtained passport info of the ALL country's citizens. Now we're offering you an opportunity to become a part of this history. Get a unique digital version of #lukashenka passport as #NFT." OpenSea has since taken down the passports. The Cyber Partisans elaborate on their motives: "The dictator has a birthday today - help us ruin it for him! Get our work of art today. A special offer - a New Belarus passport for #lukashenka where he's behind the bars. Make it happen sooner while he's still alive. We also offer passports of his closest allies and traitors of the people of #Belarus and #Ukraine. All the funds will go to support our work in hitting bloody regimes in #minsk & #moscow."

Russia's cyberattack against Montenegro.

Montenegro's government continues to attribute a widespread cyberattack that began on August 22nd to Russia. The attribution is in part based on a perceived Russian motive: Montenegro has supported Ukraine during Russia's war, and Moscow has designated the country as hostile. Tech Monitor reports that Montenegrin Defence Minister Rasko Konjevic asked, rhetorically, “Who could have some kind of political interest in inflicting such damage on Montenegro?” And he gave the obvious answer, “I think there is enough [evidence] to suspect that Russia is behind the attack.” Open sources are short on details concerning the tools used in the campaign, but Mr. Konjevic says the malware used doesn't come cheap: it's listed in dark web souks at between $100,000 and $2.5 million.

Montenegrin authorities say recovery is in progress. “The damage is being repaired and we are assessing its extent,” Tech Monitor quotes Marash Dukaj, the country's minister of public administration, as telling a press conference. “The system will suffer no lasting effects. A huge amount of money was invested in this attack on our system.”

Organizing a cyber militia.

Cybersecurity experts in many countries have long speculated about how effective cyber reserve forces might be prepared and mobilized. Ukraine's "IT Army" may provide a model, a via media between loosely inspired hacktivism and highly structured military reserve forces. Recorded Future has an interview with a "high ranking member of the force" (identity withheld for the official's safety--he's identified only as "IT Admin") in which that official describes how the IT Army has evolved, and how it's serving in the current war.

The IT Army is directed by a core group of about twenty-five cyber professionals, and it's evolved along the lines of a start-up corporation. Building trust has been a challenge, as has compartmentalizing operations to minimize the effects of any penetration by Russian intelligence services. The group is most proud of certain operations inside Russia (about which the IT Admin declined to provide details) and believes the pressure it's maintained on Russian networks and the operators who secure them has contributed to Russia's failure to mount successful, large-scale cyberattacks against Ukrainian infrastructure.

Ordinary crime persists in wartime.

Not all the unofficial cyber activity in Ukraine is benign. The country's cybergangs have continued to operate, even in wartime. BleepingComputer reports that Ukrainian authorities have dismantled a network of call centers a cybergang used for "financial scams." Among the tactics were targeting known victims of cryptocurrency scams and dangling the prospect of helping recover stolen funds in front of them. The National Police of Ukraine said, in their announcement of the operation, "the organizers used high-tech equipment and software, which allows to change the telephone numbers of the attackers to the numbers of state banking institutions." If convicted, those arrested and charged face up to twelve years in prison. Most of the victims were in Ukraine or the European Union.