Ukraine at D+396: Russia rattles the nuclear saber, again.
Mar 27, 2023

Russia announces plans to move nuclear weapons to Belarus as Ukraine prepares its spring offensive.

Russia announced over the weekend that it intends, in the near future, to stage tactical nuclear weapons in Belarus. The announcement is disturbing as an escalation of Moscow's nuclear saber-rattling, but it's unlikely to deliver any tactical advantage or additional deterrent effect. Diplomatically, it will tend to slave Belarus even more closely to Russian policy and military operations. It also represents heightened disinformation: a Russian response to the news that the UK will supply depleted uranium tank ammunition to Ukraine along with Challenger tanks. Russia has suggested, falsely, that depleted uranium is a nuclear weapon, and that therefore Russian nuclear moves are purely defensive actions forced upon it by the collective West. Ukraine has called for an emergency meeting of the United Nations Security Council to address the Russian announcement.

Russian officials quoted in Rossiyskaya Gazeta amplified President Putin's Saturday announcement of plans to move nuclear weapons to Belarus. Kremlin spokesman Peskov said Western adverse reaction to the announcement would have no effect on Russian actions, and Nikolai Patrushev, Secretary of the Russian Security Council, said that, while the Americans provocatively believed they could execute a first strike against Russian strategic forces, that's a dangerous illusion. Russia, Mr. Patrushev said, is a threat to no one, but it wants the world to understand it can and will destroy any country in the world, including the United States, "in the event of a threat to its existence."

The announced deployment may be, for now, more gesture than practical reality. The Guardian reports that there are few signs of the sort of preparations that moving nuclear weapons to Belarus is generally thought to require. (But a reservation: there's no reason tactical nuclear forces can't be maintained deployed in the field for an extended period of time without the sort of construction the Guardian's sources are looking for.)

Preparing for a spring offensive.

Ukraine continues preparation for its widely expected spring offensive, the Wall Street Journal reports. Ukrainian officials have sent ambiguous messages about the coming offensive, with President Zelenskyy telling the BBC that his army needs more tanks, HIMARS rocket artillery, and howitzers before it can go over to the attack, but with senior Ukrainian officers suggesting that heavy Russian losses around Bakhmut make the success of any Ukrainian offensive more likely. “They are losing considerable forces and becoming exhausted,” the Wall Street Journal quotes Colonel General Oleksandr Syrsky as saying of Russian forces. “Very soon we will take advantage of this opportunity.” 

The UK's Ministry of Defence (MoD) said, in its Saturday morning situation report, that it sees more signs of a Russian shift to the operational defensive. "Russia’s assault on the Donbas town of Bakhmut has largely stalled. This is likely primarily a result of extreme attrition of the Russian force. Ukraine has also suffered heavy casualties during its defence. The Russian situation has also likely been made worse by tensions between the Russian Ministry of Defence and Wagner Group, both of whom contribute troops in the sector. Russia has likely shifted its operational focus towards Avdiivka, south of Bakhmut, and to the Kremina-Svatove sector in the north, areas where Russia likely only aspires to stabilise its front line. This suggests an overall return to a more defensive operational design after inconclusive results from its attempts to conduct a general offensive since January 2023."

Russian losses in troops and matériel remain heavy, and there are reports of both growing indiscipline in the ranks and difficulty recruiting soldiers for the war. While Russia faces more problems in this area, Bild reports that Ukraine, too, faces recruiting challenges. And Russia's greater manpower and willingness to expend lives can be and has been turned to tactical advantage.

UAV and USV combat continues.

Russian strikes using Iranian-supplied Shahed drones surged in March, the MoD reported Sunday. "Since the start of March 2023, Russia has likely launched at least 71 Iranian-designed Shahed series one-way attack uncrewed aerial vehicles (OWA-UAVS) against targets across Ukraine. These attacks followed a two-week pause in OWA-UAV attacks in late February 2023. Russia has likely started receiving regular resupplies of small numbers of Shahed OWA-UAVs. Russia is likely launching Shaheds from two axes: from Russia’s Krasnodar Krai in the east and from Bryansk Oblast in the north-east. This allows Russia flexibility to target a broad sector of Ukraine and decreases flying time to targets in the north of Ukraine. It is also likely to be a further attempt to stretch Ukrainian air defences."

Ukraine has continued to use uncrewed surface vehicles (USVs) against Russia's Black Sea Fleet. "On 22 March 2023, at least three uncrewed surface vessels (USV) and one uncrewed aerial vehicle reportedly attempted to strike the Russian naval base of Sevastopol, in occupied Crimea," the UK's MoD said this morning. "Open source reports suggest that one USV was stopped by defensive booms, while two were destroyed in the harbour. Russian officials said that no Russian vessels had been damaged. A previous USV attack on Sevastopol on 29 October 2022 reportedly damaged the minesweeper Ivan Golubets and the frigate Admiral Makarov. Even though the new attacks likely failed to damage any military assets, the USV threat likely continues to constrain operations of Russia’s Black Sea Fleet."

Hacktivist auxiliaries and privateers.

Citing research by Thales, le Journal du Dimanche notes the preponderance of auxiliaries in cyberattacks conducted by both sides during Russia's war against Ukraine.

One recently active Russian group, the Red Hackers Alliance Russia (a consortium of politically aligned privateers), has been observed using AresLoader, a malware-as-a-service commodity tool traded in underworld souks. "The shift in tactics, techniques and procedures (TTPs) of these groups to align more closely with cybercriminals, while supporting nation-state political objectives, continues to be observed more frequently," Intel 471 wrote last week in their assessment of the activity.

Report: Iran receives Russian support in cyberattacks against Albania?

On September 7th, 2022, Albanian Prime Minister Edi Rama ordered the expulsion of Iranian diplomats in retaliation for an extensive cyber offensive Tehran had been running against Albanian targets. Those operations were, for their part, Foreign Policy reminds its readers, Iranian "retaliation for its sheltering of thousands of members of Mujahedin-e-Khalq (MEK), a once violent cult-like Iranian opposition group residing in a fortified camp in Manëz, Albania, after being evacuated from Iraq in 2016." There have been signs since then of Russian support for Iran's cyber campaign against Albania. While evidence of direct involvement of Russian security and intelligence units is circumstantial, ambiguous, and unproven, Russian privateering criminal organizations like LockBit have recently been active against Albanian targets.

De-anonymizing Telegram?

Rostec, a Russian state-owned defense conglomerate, has developed a way of de-anonymizing Telegram channels, BleepingComputer reports. The capability is expected to be delivered to the FSB and other security organs this year. In the account by the dissident Russian outlet Bell, the effort amounts to a heavy-handed campaign designed to align Telegram feeds with the government line. The tool Rostec has built to do so, "Охотник" (that is, "Hunter"), "is said to use over 700 data points to make associations and correlations that can lead to unmasking otherwise anonymous Telegram users." Hunter casts a wide net, if it indeed operates as advertised. "The data points are drawn from social networks, blogs, forums, instant messengers, bulletin boards, cryptocurrency blockchains, darknet, and government services, and concern names, nicknames, email addresses, websites, domains, crypto wallets, encryption keys, phone numbers, geolocation info, IP addresses, and more."

Such is the public account of the capability by Rostec and the Russian government, who compare Hunter to Palantir, but the story seems unlikely to at least some observers. "But for identifying channel owners," the opposition activist group RosKomSvoboda writes, "one cannot with certainty assume that the scheme could work without mixing in either some kind of 0day vulnerability in the Telegram API, or without the cooperation of someone with administrative access to the messenger servers." That is, there's either a vulnerability in Telegram's software or a compromised insider with considerable access. RosKomSvoboda ("Russian Communications Freedom") was denounced last year by the Russian Ministry of Justice as a foreign agent. The group describes itself as "the first Russian public organization active in the field of protecting digital rights and expanding digital opportunities," and says it's in favor of privacy and opposed to censorship.