Ukraine at D+109: Media feel Russia cyber warfare and information lawfare.
N2K logoJun 13, 2022

The artillery war for the Donbas continues, with difficulties for both sides: Ukraine needs ammunition, and Russia might need to maneuver against opposition. The GRU is spamming Ukrainian media outlets, and Russian courts are cracking down on foreign media that don't toe the Kremlin's line. And Mr. Putin takes extradordinary steps to secure what we must euphemistically call his "biomaterial."

Ukraine at D+109: Media feel Russia cyber warfare and information lawfare.

While noting lack of Russian progress against Sieverodonetsk, the Washington Post quotes an unnamed senior US Defense official to the effect that Russian conquest of all of Luhansk is likely "within a few weeks." Rising Ukrainian losses and high ammunition expenditure are seen as the largest problems for Kyiv in what has become a contest of attrition.

Saturday morning's situation report from the UK's Ministry of Defense (MoD) presented a familiar story: heavy, fire-power intensive fighting in Sieverodonetsk. "As of 10 June, Russian forces around Sieverodonetsk have not made advances into the south of the city. Intense street to street fighting is ongoing and both sides are likely suffering high numbers of casualties. Russia is massing fires with its artillery and air capabilities, in an attempt to overwhelm Ukrainian defences." An old weapon from the 1960s has pulled out of storage and adapted to an unfamiliar role for which it wasn't designed. "Since April, Russian medium bombers have likely launched dozens of 1960s era Kh-22 (NATO designation, AS-4 KITCHEN) air-launched, heavy anti-ship missiles against land targets. These 5.5 tonne missiles were primarily designed to destroy aircraft carriers using a nuclear warhead. When employed in a ground attack role with a conventional warhead they are highly inaccurate and can therefore cause significant collateral damage and civilian casualties. Russia is likely resorting to such inefficient weapon systems because it is running short of more precise modern missiles, while Ukrainian air defences still deter its tactical aircraft from conducting strikes across much of the country."

That theme continued into Sunday, as the MoD sees the Russian tactics paying off. "Russia is using its overmatch in force ratio and artillery to gradually seize territory in and around Sieverodonetsk. Russia continues to seek to generate more combat units to deploy to Ukraine." "Overmatch" is being achieved through more immediate commitment of combat power, with less held in reserve, and this is a tactic designed for short-term success. "In recent weeks, it has likely started preparing to deploy the third battalion from some combat formations. Most brigades normally only commit a maximum of two of their three battalions to operations at any one time. The third battalions within brigades are often not fully staffed - Russia will likely have to rely on new recruits or mobilised reservists to deploy these units to Ukraine. Deploying all three of their battalions simultaneously will likely reduce formations’ longer term capacity to regenerate combat power after operations."

This morning the MoD drew attention to the importance assault crossing of rivers is likely to assume. "Over the weekend, the battle around Sieverodonetsk has continued to rage. Over the coming months, river crossing operations are likely to be amongst the most important determining factors in the course of the war. The key, 90km long central sector of Russia’s frontline in the Donbas lies to the west of the Siverskyy Donets River. To achieve success in the current operational phase of its Donbas offensive, Russia is either going to have to complete ambitious flanking actions, or conduct assault river crossings. Ukrainian forces have often managed to demolish bridges before they withdraw, while Russia has struggled to put in place the complex coordination necessary to conduct successful, large scale river crossings under fire." Note the phrase "over the coming months." Clearly the MoD doesn't expect a swift resolution of the war.

Along the Black Sea, Ukraine says it's deployed Harpoon anti-ship missiles on the coast, in position to strike Russian warships, the US Naval Institute reports. The Harpoon has a range of nearly 140 kilometers.

Ukraine reports a "massive" spam campaign against the country's media organizations.

An email from the Press Office of Ukraine's State Service of Special Communication and Information Protection (SSSCIP) on Saturday warned that a "massive" spam campaign against media outlets had begun:

"The Computer Emergency Response Team of Ukraine (CERT-UA) acting under the SSSCIP warns about mass spamming with dangerous emails titled 'СПИСОК посилань на інтерактивні карти' (Ukrainian for 'Interactive Map Reference List'). In particular, these emails are targeting media outlets (radio stations, newspapers, news agencies, etc.) of Ukraine. Over 500 destination email addresses have been identified. These emails contain an attached document 'СПИСОК_посилань_на_інтерактивні_карти.docx,' opening which may initiate downloading of CrescentImp malware. Specialists warn that cyber criminals have been increasingly resorting to email spamming from compromised addresses of public institutions. If you fall victim to a cyberattack, please contact the CERT-UA immediately. This activity is tracked by UAC-0113 (attributed to the Sandworm group with a medium certainty level). As reported earlier, this group was involved in orchestrating a massive attack on the energy sector of Ukraine in April."

Sandworm is a Russian threat actor associated (in MITRE's ATT&CK catalogue) with Russia's GRU military intelligence service and perhaps best known for its role in the 2015 and 2016 cyberattacks against sections of Ukraine's power grid. The group has also been fingered for the 2017 NotPetya pseudo-ransomware attack and 2018's Olympic Destroyer incident.

The payload in the spam emails appears to exploit Folllina vulnerability in the Microsoft Windows Support Diagnostic Tool (CVE-2022-30190) to install a downloader for CrescentImp malware, CrescentImp's provenance and functionality are unclear, BleepingComputer reports, but CERT-UA has provided indicators of compromise to assist in CrescentImp's detection.

Russian court fines Wikimedia for "disinformation."

The Verge reports that a Moscow court has fined the Wikimedia Foundation five-million rubles (about $65 thousand) for its reporting on Russia's special military operation, the war against Ukraine. Wikimedia is appealing the fine. Stephen LaPorte, associate general counsel at the Wikimedia Foundation, said, "This decision implies that well-sourced, verified knowledge on Wikipedia that is inconsistent with Russian government accounts constitutes disinformation. The government is targeting information that is vital to people’s lives in a time of crisis. We urge the court to reconsider in favor of everyone’s rights to knowledge access and free expression.” Wikimedia also argues that Russia lacks jurisdiction.

Securing information about President Putin's health?

Paris Match looks at reports of extraordinary measures taken by President Putin's Federal Security Office protective detail to secure the president's "biomaterial" (saliva, sweat, skin oils, excrement) and concludes that the Russian government is trying to deny foreign intelligence services information about the state of Mr. Putin's health. Meduza adds background, including a note on how it came to be known that Mr. Putin was traveling with a "dry closet:" the gaffe was apparently blown in 2020 by, of all people, Julia Louis-Dreyfus, an American actress best known for portraying Elaine on Seinfeld. She heard the story from the staff of Kunsthistorisches Museum in Vienna. Meduza points out that this wasn't really news, that Mr. Putin has traveled with a dry closet since the earliest days of his presidency. Thus skittishness about biomaterial doesn't necessarily indicate some recent decline in the state of Mr. Putin's health; it seems to be a longstanding security concern.

Sanctions push Russia's automobile industry back to the USSR.

Western sanctions have stifled Russia's automotive industry, as the components that sector relied on are no longer available. Plants in Tolyati, Russia's Detroit or Stuttgart, To restore production, the Telegraph reports, Avtovaz, a state-owned car manufacturer, has introduced the Lada Granta Classic 2022, a job that uses only components from Russia or Russian allies. It hasn't been favorably reviewed, even by Russian drivers (insofar as they've been able to express an opinion).

Looting a culture.

As both Ukraine and Russia remember (in very different ways) the Nuremberg Tribunal of 1945-1946, Russia appears to be repeating one of the crimes that contributed to the conviction of Nazi war criminals in that trial: looting of art, (which was especially mentioned in the case of Hermann Göring). In this case, according to the Guardian, there seems to be a systematic policy of removing art, notably Scythian gold artifacts, that could be viewed as belonging to a distinctively Ukrainian patrimony.

This would seem one more phase of Russia's quick-time exit from the civilized world. Should Mr. Putin's associates tire of the march, they could always drive a Lada Granta Classic. Sure, it doesn't meet European emission standards, but then you wouldn't be driving there anyway, would you, Vladimir Vladimirovich? Not even to use the toilet. Presumably a dry closet would fit into the trunk? If so, that would seem to be an important selling point, like mag wheels or a backup camera.