Ukraine is generally believed to be in the final stages of preparation for its anticipated spring offensive. US officials describe how prewar Russian cyber operations were discovered and countered.
Ukraine at D+425: Disruption, deterrence, and battlespace preparation.
Ukraine appears to have established positions on the east bank of the Dnipro River, and in so doing to have drawn Russian artillery fire, but the long-anticipated Ukrainian spring offensive has not yet begun. Sources in Ukraine have characterized the cross-river operations as "raids" designed to degrade Russian combat capability (especially with respect to artillery), the Guardian reports. The New York Times guesses that the main thrust will come in the south, and that twelve Ukrainian combat brigades should be ready around the end of this week, but these conclusions are admittedly speculative. Ukraine's ammunition stocks appear to have been built up to the point where they can support a sustained offensive.
Russian casualties appear to have fallen this month as its forces switch from offense to defense. The UK's Ministry of Defence writes this morning, "Over April 2023, Russia’s average daily casualty rate has highly likely fallen by around 30 per cent. This follows exceptionally heavy Russian casualties over January-March 2023. Figures released by the Ukrainian General Staff suggest a reduction from a daily average of 776 Russian casualties in March, to an average of 568 so far in April. Defence Intelligence cannot verify Ukraine’s exact methodology, but the general trend is likely accurate. Russia’s losses have highly likely reduced as their attempted winter offensive has failed to achieve its objectives, and Russian forces are now focused on preparing for anticipated Ukrainian offensive operations." According to the Guardian, the only area where Russia remains on the tactical offensive is Bakhmut.
RSAC presentation describes US response to Russian prewar and wartime cyber operations.
A joint presentation by the Cybersecurity and Infrastructure Security Agency (CISA) and Cyber Command’s Cyber National Mission Force (CNMF) described interagency, international, and public-private cooperation as vital to the blunting of Russian cyber operations. The case study they presented at RSAC yesterday focused on the response to the SVR's Solorigate intrusion into SolarWinds and the threat that posed to Government networks. That incident occurred in 2021, and so predates Russia's invasion of Ukraine, but it arguably represented battlespace preparation, and in any case the Allied response has continued to blunt the effectiveness of Russian cyber operations in the present war as well. The Washington Post summarizes some of the presentation's lessons, and also describes the ways in which a deeply compromised Russian intelligence establishment has been unable to operate effectively against Western targets. (Apply the usual cautions with respect to overconfidence.)
An update on KillNet.
In addition to creating its own virtual community college, KillNet has been advertising various malign tools. Specifically, the hacktivist auxiliary announced on 16 April that it had partnered with operators of Titan Stealer, an accomplice in the nuisance attack against NATO School Oberammergau. Titan Stealer is billed as “a universal instrument for those who possess professional knowledge in their field as well as amateurs.” Uptycs reported in January that “The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files.”
KillNet has also announced on Anonymous Russia’s Telegram page that they are creating a new DDoS service called “Tesla-Bot.” Tesla-Bot is a DDoS (distributed denial-of-service) toolkit offered in three different flavors and prices. For $25 you get Basic, which includes ten bots. Pro, at $75, comes with thirty bots, and the pricier Rare offers fifty bots. Tesla-Bot is presently in presale, and will be available for general purchase on April 28th.