Ukraine at D+153: Action during an operational pause.
Jul 27, 2022

Ukrainian artillery continues to strike Russian logistical targets, and Russian artillery continues to strike whatever is within range. Moldova fears it may be the next item on Mr. Putin's territorial menu, and it's seeking assistance to help defend itself in the event of a hybrid war. Privateers are useful in wartime, but their usefulness is limited: their operations need to be, at a certain point, paying propositions.


The situation on the ground, during this protracted operational slow-down.

Ukraine continues its preparations for the recapture of Kherson, with the announced goal of retaking the province, or at least its eponymous city, by September, the Telegraph reports. Fighting there remains the artillery battle that's come to characterize the entire war. “We fight against artillery. Artillery shells us and that’s it, that’s how we fight. They don’t approach to engage in close combat, they shoot the artillery,” a Ukrainian soldier near Mykolaiv told the Telegraph. The bridge over the Dnipro, the principal Russian supply line into the city of Kherson, has been closed due to Ukrainian HIMARS fire. In a statement to Reuters, Russian occupation authorities said the bridge is structurally sound, but that civilian traffic is being kept off the crossing while it remains under Ukrainian fire. A railroad bridge over the Dnipro is also said to have been damaged; the Russians say they're repairing it. And should the bridges become unusable, the occupation authorities say they'll replace them with ferries. The tone of Russian commentary on the fighting is that all has been foreseen, that all is proceeding according to plan.

The UK Ministry of Defence reports local advances by Russian contract units toward a major power plant in the Donbas. "Russian private military company Wagner has likely succeeded in making tactical advances in the Donbas around the Vuhlehirska Power Plant and the nearby village of Novoluhanske. Some Ukrainian forces have likely withdrawn from the area." Russia's foreign minister continues his African trip. "Russian Foreign Minister Sergei Lavrov is currently undertaking a tour of Egypt, Ethiopia, Uganda, and the Republic of the Congo. Russia will highly likely seek to exploit the visits to blame the West for the international food crisis and win the support of African states which have otherwise remained neutral about Russia’s invasion of Ukraine. Since 2014, Russia has made significant efforts to secure influence across Africa, with Wagner frequently deploying as one of its favoured tools of influence in the region. Russia probably primarily engages with Africa because it believes it will enhance the ‘Great Power’ identity Russia aspires to. Its secondary goals are probably to secure commodity concessions and to persuade African states to vote in line with Russia’s interests in international forums."

For its part the Russian air force has conducted more air-launched missile strikes against Odessa and Mykolaiv. The AP reports that the areas damaged (one hesitates to call them "targets" because that would imply a selectivity and intentionality that seem beyond Russian fire support capabilities) were civilian buildings (including houses in villages) and port infrastructure (despite Russian insistence that it's determined to keep grain flowing from Ukraine's Black Sea ports). An op-ed in Haaretz argues that Russia's President Putin is determined to lock down control over Ukraine's Black Sea coast as a means of acquiring international leverage through the ability it would give him to throttle food exports. An Atlantic Council essay makes a similar case about the recent missile strikes against Odessa. "For months, Moscow’s blockade has been designed, among other things, to produce pain in the Global South and raise pressure on the West to force Ukraine into an unsatisfactory peace with Russia. While Russian President Vladimir Putin has been called out by the United States, NATO, and the European Union for this cynical policy, he has faced no criticism from the actual victims of the policy. For instance, during a June trip to Moscow, Senegalese President Macky Sall, the current African Union chief, echoed Kremlin talking points that the food shortages were a result of the ongoing war and Western sanctions rather than Moscow’s blockade."

And one of the objectives of Mr. Lavrov's African charm offensive is to pin the blame for any failure to reach a negotiated peace on NATO, on Ukraine's Western enablers. “We never refused to have talks, because everybody knows that any hostilities end at the negotiating table,” Mr. Lavrov explained yesterday to anyone in Uganda interested in listening.

Preparing for renewed Russian cyber offensives.

Nations closest to Russia seem most interested in shoring up cyber as well as physical defenses. Estonia's former president, Toomas Hendrik Ilves, speaking at a virtual security forum hosted in Taipei, sees one major lesson of Russia's war against Ukraine as a growing realization of a need for an international alliance to defend democracies against digital threats. "All of this leads me to argue that we need a digital alliance like NATO but one that is really and truly value-based, that includes all liberal democracies that wish to be a part of it, and is not bound by geography, but by shared values," Focus Taiwan quotes him as saying in his closing address to the Ketagalan Forum: 2022 Indo-Pacific Security Dialogue.

Moldova is among the countries concerned that it may be next on the Russian agenda. The Washington Post reports that Moldovan Prime Minister Gavrilita expressed her concern over the weekend that Russian troops “are on the territory of the secessionist Transnistria region,” and she urged other countries not to underestimate the threat of Russian military action. “If a country can start an annexation war without any regard for international law, then in this sense, nobody is safe,” she said. “I think a lot of countries are worried.”

Transnistria is a nominally secessionist Moldovan province which Russian forces detached from Moldova in 1992. It's largely unrecognized except by similar "frozen conflict zones" like Abkhazia, South Ossetia, and Artsakh, sometimes cruelly but with some excuse referred to as "trashcanistans." The detachment of these regions provided the Russian template for the re-engorgement of Donetsk and Luhansk.

Moldova (invariably described as "one of the poorest countries in Europe") is a candidate for EU membership, and is working to shore up what it regards as laggard cyber defenses. The Wall Street Journal reports that the country is receiving assistance along those lines from both the EU and the US. Moldova has seen an increase in hostile cyber activity during Russia's war against Ukraine, but so far the attacks have remained at their worst a nuisance. Iurie Turcanu, Moldova’s deputy prime minister for digitalization, said, “The first question which came to our minds was: Are we prepared to face this challenge from a cybersecurity perspective? Are we ready with our business continuity plans? Do we have them at all?” The government sees a more capable CERT that works effectively with critical infrastructure organizations as an essential aspect of its defense. “We need to know exactly what we’re doing in the next minute when we’re attacked,” Mr. Turcanu added, explaining the importance of contingency planning.

Why so much attempted DDoS, and not so much ransomware?

The Council on Foreign Relations looks at the recent record of Russian cyber operations, particularly from the country's privateers, and asks why ransomware attacks against Ukrainian targets seem to have fallen off after an initial wave of pseudo-ransomware wiper attacks. They suggest a range of reasons for this, but come down, in the end, to the privateer's profit motive:

"So why a lack of ransomware attacks? There are plenty of potential reasons. One may be that Ukraine has increased the resilience of its network in recent years, facing increased Russian activities on a day to day basis, while receiving assistance from U.S. Cyber Command and private companies. Another alternative explanation is that Russian hacking groups were instructed by the Kremlin to refrain from conducting ransomware operations against Ukraine not to interfere in ongoing cyber operations conducted by Russian intelligence agencies. Keeping in mind the historical closeness between Russian criminal actors and the various Russian intelligence agencies (Conti with the FSB; EvilCorp with both the FSB and SVR) communication with proxies is conceivable."   

And there have indeed been ransomware attacks elsewhere traceable to Russian gangs. But Ukrainian victims are unlikely to have much incentive to pay their ransom, and may have small ability to do so even in the unlikely event that they wished to:

"From a Ukrainian perspective, engaging with Russian criminal groups would be counterintuitive, since it would feed the Russian war machine. Thereby Ukrainian payments are less likely to occur. What is more, it is unclear if insurance companies would cover a ransomware payment in times of war, further disincentivizing criminal activity against entities in Ukraine by reducing the likelihood that attackers will be paid. Many entities in economically poor Ukraine might not be the most lucrative targets for criminal operations. What is more, a series of recently imposed financial roadblocks make it harder for cyber criminals to conduct business in Ukraine and elsewhere. This includes Ukraine’s central bank banning payments to Russia and Belarus, the exclusion of Russian banks from systems like SWIFT, and Russia making crypto payments illegal. These financial disincentives on both sides of the warring parties may have prevented an uptick in major disruptive ransomware operations in Ukraine. Ransomware operators have clearly participated in the conflict, as evidenced by Conti’s attacks against Ukraine, but they have not leveraged their attacks to make a profit. Ransomware operators also have other ways to participate in the conflict, without jeopardizing their business, given the wide variety of hacktivist groups on both sides of the conflict ."