Ukraine at D+608: Privateers are rising.
Oct 25, 2023

Ukraine's successes in the Black Sea are part of a long-war strategy. Russian privateers are increasingly active against Ukrainian targets, and are paying particular attention to financial transactions.

"Ukrainian forces continued counteroffensive operations in eastern and southern Ukraine on October 24 and advanced south of Bakhmut and in western Zaporizhia Oblast," the Institute for the Study of War (ISW) wrote yesterday. "Geolocated footage published on October 23 indicates that Ukrainian forces advanced east of Andriivka (10 km southwest of Bakhmut), and geolocated footage published on October 24 indicates that Ukrainian forces marginally advanced west of Robotyne. The Ukrainian General Staff also reported on October 24 that Ukrainian forces continued offensive actions south of Bakhmut and achieved partial success near Robotyne."

The UK's Ministry of Defence (MoD) describes the fighting around the lower Dnipro. "Over the last week fighting has intensified around the banks of the lower reaches of the Dnipro River. Ukraine has given higher priority to operations in this sector, building up small bridgeheads on the east bank it has controlled since the summer. Russia has likely been alert to the possibility of attacks across the river since it withdrew its forces from the western bank 12 months ago. The area is under the control of the newly established 18th Combined Arms Army, after some of the units previously in the area were diverted to the Orikhiv axis to the east. As in most sectors, a decisive factor is almost certainly the combatants’ ability to bring accurate, intense artillery fire to bear. Initial indication suggests that Russia has maintained a significant artillery capability within range of the river."

The significance of the Black Sea in a long war.

Ukrainian President Zelenskyy spoke of Russia's diminished control of the Black Sea and the difficulties Russia now faces interdicting Ukrainian grain shipments. An essay in Foreign Policy argues that Ukraine's success in the Black Sea has been underappreciated, that it represents a significant victory overshadowed by the steady but slow progress on the ground. The Russian Black Sea Fleet can no longer use its former bases in occupied Crimea and has withdrawn, after a year of heavy losses to missiles, drones, and sabotage, to Novorossiysk in Russia proper. The Kerch Strait Bridge has been damaged, and while partially repaired, has been shown to be at risk.

Ukrainian cyber authorities report a rise in privateering Smokeloader attacks.

Russia has stepped up cyberattacks directed against Ukraine and Ukraine's international supporters. Some have been financially motivated; others have aimed simply at disruption.

Kyiv's National Cybersecurity Coordination Center (NCCC) reported Tuesday that it was investigating an increase in Russian criminal attacks using Smokeloader malware. The NCCC explicitly characterizes the threat actors as "financially motivated cybercriminals," effectively privateers who supplement the efforts of Russian intelligence and security services and the hacktivist auxiliaries those services direct. "Since May of this year," the NCCC writes, "Ukrainian financial and government organizations have been targeted by multi-module malicious software, the functionality of which includes counter analysis methods, data theft, and remote control of the victim's computer. Criminals appeal to financial themes when creating campaigns to lure and deceive victims. And they also use a network infrastructure dominated by Russian domain registrars, which indicates the geographic origin of cybercriminals."

Smokeloader is commodity criminal malware bought and sold in the C2C market; The Record notes that it trades in underworld souks from $400 for the basic model to $1650, nicely loaded. The NCCC's full report, available in both Ukrainian and English language versions, explains that a variety of criminal groups are using Smokeloader, and that in some cases they've achieved their payoff by diverting funds from online transactions. The report includes a set of indicators of compromise and advice to organizations on how they might present the privateers with a harder target.

Russian hacktivist auxiliaries strike Czech targets.

Hacktivist auxiliaries have been engaged in disruptive attacks against Czech targets, Expats.cz reports. Distributed denial-of-service (DDoS) attacks interrupted online services at the Prague Airport, the Czech Interior Ministry, and the Chamber of Deputies. Researchers at the security firm Avast noted that the use of the DDoSia platform points clearly to NoName057, the well-known Russian hacktivist auxiliary. The attacks (and they achieved no more than the familiar nuisance results, neither compromising data nor interrupting operations) were apparently intended as retaliation for Czech support for Ukraine at the Crimea Platform summit, which met in Prague on Tuesday.