Ukraine at D+630: GRU may be expanding its targeting.
Nov 16, 2023

Both sides look for ways to break out of positional warfare's unstable stalemate. Ukraine continues to expand its foothold on the east bank of the Dnipro, and Russia makes a minor advance at great cost against Avdiivka. The GRU seems to have expanded its cyber targeting to infrastructure in Western Europe.

Ukraine continues to expand its operations on the east bank of the Dnipro, where back-and-forth fighting has seen some exchange of ground between the two sides.

In this morning's situation report, the UK's Ministry of Defence (MoD) provides an overview of close combat around Avdiivka. "Over the last week, Russian forces have continued attacks towards outlying villages of the contested town of Avdiivka, Donetsk Oblast. Russia is almost certainly attempting a pincer movement to encircle the town," the MoD writes, "Avdiivka has been fought over for nearly a decade and holds political importance to Russia given its proximity to Donetsk city. Recent advances have likely brought Russian forces close to the Ukrainian-held Avdiivka Coke and Chemical Plant, a sprawling industrial complex which produces coke and a variety of chemicals, occupies a key tactical position to the north of the town. The plant dominates the main road into Avdiivka and, if Russian forces were to secure it, resupplying the town would become increasingly difficult for Ukraine. However, the industrial facility provides Ukraine with a localised defensive advantage and Russian forces will probably suffer significant personnel losses if they attempt to assault the facility."

An unstable stalemate.

"The positional war in Ukraine is not a stable stalemate," an essay published by the Institute for the Study of War (ISW) argued. "It is not the result of fundamental realities in modern warfare that can only be changed with a technological or tactical revolution, as was the First World War’s stalemate. Neither does it rest on a permanent parity in military capacity between Russia and Ukraine that will continue indefinitely regardless of Western support to Kyiv. It results, on the contrary, from self-imposed limitations on the technologies the West has been willing to provide Ukraine and constraints on the Russian defense industrial base largely stemming from Russian President Vladimir Putin’s unwillingness so far to commit Russia fully to this war. The current balance is thus, in fact, highly unstable, and could readily be tipped in either direction by decisions made in the West."

Victory in this war, the ISW maintains, doesn't require any striking technological innovation, like the tank, or tactical innovation, like coordinated combined arms operations, which have often been credited with breaking the stalemate during the First World War. (It's worth noting that exhaustion and the blockade are also plausible candidates for war winners.) Rather, it's production and delivery of existing technologies to Ukraine, and effective application of them in NATO-style combined arms operations that would make a war-winning difference for Ukraine.

The EU prepares to ban crucial machine-tool exports to Russia.

Russia cannot sustain its own defense industrial base; it's heavily dependent upon precision machine tools and other critical technology (including "welding machines, lithium batteries, thermostats, motors, and drone motors") imported from Western Europe and the US. The ISW reports that the European Union is preparing to ban such exports in its twelfth sanctions package.

GRU's Sandworm implicated in campaign against Danish electrical power providers.

SektorCERT, Denmark's "cyber security centre for the critical sectors," this week described what it characterized as the largest cyberattack on record against that country's critical infrastructure. In May of this year an APT group, which SektorCERT associates with Sandworm, simultaneously hit twenty-two companies in Denmark's highly decentralized electrical power sector. The attacks, which began on May 11th and continued into the last week of that month, exploited CVE-2023-28771, a critical command injection flaw affecting Zyxel firewalls. That vulnerability had been disclosed and addressed in late April, but the attackers were able to find enough unpatched systems to gain access.

The attack was ultimately detected and stopped without disruption to power distribution, but it seems to have been aimed at gaining comprehensive access to Denmark's grid. The attacks proper were preceded by a reconnaissance phase that began in January. A simultaneous attack against so many targets suggests both careful planning and determined execution. SektorCERT properly notes the difficulties of attribution, and itself stops short of saying the incident was the work of Russia's GRU, but on form it certainly looks like a Sandworm operation. Similar attacks have been mounted against Ukraine's power grid, and the incident in Denmark strongly suggests that infrastructure in what Moscow tends to call the "collective West" can be expected to figure in Russian target lists.