Ukraine at D+322: Patriotism and profit.
Jan 12, 2023

Hacktivist auxiliaries mix patriotism with profit. And the biggest Russian general of them all is now in direct command of the forces fighting in Ukraine.

Heavy fighting continues around Soledar. The Ukrainian General Staff released reconnaissance video of a strike it says killed roughly a hundred Russian troops in the town.

General Surovikin relieved of command of Russian forces in Ukraine.

CBS News reports that General Surovikin has been relieved of command of Russian forces in Ukraine. The Defense Ministry announced yesterday afternoon that "Army General Valery Gerasimov, Chief of the General Staff of the Russian armed forces, has been appointed Commander of the Joint Grouping of Troops." General Surovikin's appointment just three months ago had been regarded as an important step. It rationalized the Russian command structure, achieving in particular unity of command. It also appointed a commanding general widely regarded as effective and ruthless. He's now been demoted to deputy commander, according to the AP.

There's some speculation his role as fall guy in the withdrawal from Kherson may lie at the root of his dismissal. Ukrainian Business Magazine (in fairness, not a neutral outlet) summarized the General's tenure: "'General Armageddon' Sergei Surovikin has been removed as commander of Russian forces in Ukraine after less than 3 months. Surovikin was hailed as the man to rescue Putin's failing invasion but his most notable achievement was the theft of a raccoon while retreating from Kherson." Al Jazeera thinks the demotion may also have been prompted by the disaster at Makiivka, but also quotes the official line from the Russian Defense Ministry: “The increase in the level of leadership of the special military operation is connected with the expansion in the scale of tasks … the need to organise closer contact between different branches of the armed forces, and improve the quality … and effectiveness of the management of Russian forces.”

Thus the command now goes to General Gerasimov. He's been Chief of the General Staff since November 2012, and has thus presided for a decade over a force that's proven itself catastrophically unready for war. He's also the officer associated with the hybrid war doctrine that bears his name, the "Gerasimov Doctrine." That doctrine emphasizes action across the spectrum of conflict, and the full integration of military, political, economic, cultural, and other methods to achieve strategic ends. It's a whole-of-state approach that takes the adversary's entire nation, civilian as well as military, for its target. It's not obvious what he'll do in the near term to repair Russia's battlefield fortunes.

Russian airborne forces redeployed.

Russia has pulled airborne formations out of the front line, the UK's Ministry of Defence says. "Over the last two days, heavy fighting has continued both around the town of Soledar, Donetsk Oblast, and on the approaches to Kremina, Luhansk Oblast. Since the start of January 2023, Russia has almost certainly allocated elements of the 76th Guards Air Landing Division of the VDV (airborne forces) to reinforce the Kremina front line after assessing the sector was significantly vulnerable. Until November 2022, Russia committed almost the whole of the deployable VDV as long-term, ground-holding troops along the front line in the Kherson area. Now redeployed to the Donbas and southern Ukraine, commanders are likely attempting to employ VDV more in line with their supposed doctrinal role as a relatively elite rapid reaction force."

Skepticism about Wagner Group claims concerning Soledar comes from a surprising place.

If you were skeptical of Wagner Group honcho Yevgeny Prigozhin's claim that his troops had taken Soledar, you're not alone. Kyiv said it hadn't happened, and apparently the Kremlin doesn't believe it either. What Mr. Prigozhin said, specifically, was "Wagner units took control of the entire territory of Soledar. A cauldron has been formed in the centre of the city in which urban fighting is going on." The Telegraph quotes Kremlin spokesman Dmitry Peskov as saying, "Let's not rush. Let's wait for official announcements." Mr. Prigozhin has positioned himself as an alternative defense minister; the comments from Moscow suggest that there's tension between the Wagner Group convict mercenaries and the Russian regulars.

NoName057(16) hacktivist auxiliaries target NATO.

SentinelOne describes a Russian hacktivist auxiliary campaign against NATO organizations. The group bears the paradoxical name "NoName057(16)," and it's known to have been active since March of 2022. The threat group specializes in DDoS (distributed denial-of-service), and it deploys such attacks against websites it regards as important to countries that have been friendly to Kyiv and critical of Russia's war against Ukraine. Its operations are similar to those of Killnet (indeed, some of the two groups' targeting has overlapped). SentinelOne says that NoName057(16) has been responsible for action against the Danish financial sector that Reuters reported early this week. The threat group has also this week been active against campaign websites associated with the upcoming Czech presidential election.

"The NoName057(16) group is primarily focused on disrupting websites important to nations critical of Russia’s invasion of Ukraine. Distributed Denial of Service (DDoS) attacks act as the method to conduct such disruption efforts," SentinelOne explains. "Initial attacks focused on Ukrainian news websites, while later shifting to NATO associated targets. For example, the first disruption the group claimed responsibility for were the March 2022 DDoS attacks on Ukraine news and media websites Zaxid, Fakty UA, and others. Overall the motivations center around silencing what the group deems to be anti-Russian."

NoName057(16) appears to be a genuine hacktivist auxiliary, and not merely a front group for a Russian intelligence service. "SentinelLabs has identified how the group operates over public Telegram channels, a volunteer-fuelled DDoS payment programme, a multi-OS supported toolkit, and GitHub." There's an admixture of profit with the patriotism. "This group represents an increased interest in volunteer-fuelled attacks, while now adding in payments to its most impactful contributors." SentinelOne advises everyone to expect more of the same: hacktivism for profit probably represents a trend.

To be sure, DDoS has proven a nuisance, and not a war-winner. "NoName057(16) is yet another hacktivist group to emerge following the war in Ukraine," the report concludes. "While not technically sophisticated, they can have an impact on service availability – even when generally short lived. What this group represents is an increased interest in volunteer-fueled attacks, while now adding in payments to its most impactful contributors. We expect such groups to continue to thrive in today’s highly contentious political climate."