Ukraine at D+64: DDoS, wipers, and doxing.
Apr 29, 2022

War on the ground remains stagnant but intense. Russia and Ukraine continue to exchange cyber operations in the hybrid war.

The British Ministry of Defence morning update reports strong Russian effort but indifferent progress in the Donbas. "The Battle of Donbas remains Russia’s main strategic focus, in order to achieve its stated aim of securing control over the Donetsk and Luhansk oblasts. In these oblasts fighting has been particularly heavy around Lysychansk and Severodonetsk, with an attempted advance south from Izium towards Slovyansk. Due to strong Ukrainian resistance, Russian territorial gains have been limited and achieved at significant cost to Russian forces."

Russia claimed to have launched Kalibr cruise missiles against Ukrainian military targets from a diesel submarine of the Black Sea Fleet, Reuters reports. What targets were sufficiently valuable, or offered a sufficiently high payoff, to justify the expenditure of expensive cruise missiles remains unclear.

Military aid continues to flow east to Ukraine from NATO. Much of the equipment consists of legacy Soviet systems and ammunition contributed by members of the Atlantic Alliance who formerly were members of the Cold War-era Warsaw Pact. That makes good sense: that materiel is compatible with Ukraine's own inventory, and can be easily used without additional training in unfamiliar systems. It also provides an opportunity for the newer members of NATO to upgrade with Western systems. Defense News characterizes the transfers as "flushing" legacy Soviet equipment from the Alliance.

Missile strike on Kyiv during UN Secretary General's visit.

United Nations Secretary-General António Guterres visited Ukraine this week, and his itinerary included both talks in Kyiv and visits to sites of Russian atrocities in the vicinity of the capital. The Military Times reports that the Secretary-General condemned war crimes in Bucha and elsewhere, and that he called for investigations. Bulgarian Prime Minister Kiril Petkov also visited Kyiv and nearby sites, notably the site of civilian killings in Borodyanka. Undeterred by Russia's interdiction of gas supplies to his country, he promised continuing Bulgarian military assistance and called for the world to choose sides. “We cannot be indifferent. We cannot say that this is a Ukrainian problem, we cannot say some people are dying but we are not interested in that,” he said. “This is not just the battle for Ukraine, but it is a matter for civilization to choose which side to take.”

While the Secretary General was in Kyiv, Russia hit the city with missile strikes. The Telegraph reports that Russia has said that such attacks are to be expected. “As we have warned, Russia’s armed forces are ready to carry out strikes with high-precision, long-range weapons on the centres of decision-making in Kyiv,” Russian Foreign Ministry spokesperson Maria Zakharova explained. “The presence of advisers from one Western country who are stationed at the centres of decision-making in Kyiv will not necessarily be a problem if Russia decided to respond.” Thus diplomats in Kyiv should keep their heads down. Visit at your own risk. Ukraine's Foreign Ministry called the strikes a "heinous act of barbarism." President Zelenskyy said, "This says a lot about Russia’s true attitude to global institutions, about the efforts of the Russian leadership to humiliate the UN and everything that the organisation represents. Therefore, it requires a strong response.”

Failed strategy, tactics, and readiness.

Few if any military and security experts expected the Russian army to fail as clearly and visibly as it has during the first two months of its war. Indeed, "first two months" is itself shocking when used of an invasion that was widely expected to be successful within hours or at most days of its onset. Whether Russians will hold their political and military leaders responsible for building a large mechanized force that proved in the event capable of massacring civilians, but not of achieving battlefield success, remains to be seen. But the defense intellectuals who misread Russian combat capabilities, an essay in War on the Rocks suggests, are facing their own self-examination and accountability. Assessments of Russian failure concentrate on intelligence mistakes (mostly gross underestimations of Ukrainian capability and resolve, and of the loyalty of Ukraine's Russophone minority), strategic and operational errors (failures of concentration, of unity of command, of choice of objective), and political underestimation of the odium with which the rest of the world, especially Europe and the Americas, would regard the invasion. We would add failures in logistics, training, and leadership, all three of which can now obviously be seen to have very deep roots in the Russian forces.

Russian and Ukrainian operators exchange cyberattacks.

CERT-UA has warned that distributed denial-of-service (DDoS) attacks against Ukrainian targets continue. "The government team for responding to computer emergencies in Ukraine CERT-UA in close cooperation with the National Bank of Ukraine (CSIRT-NBU) has taken measures to investigate DDoS attacks, for which attackers place malicious JavaScript code (BrownFlood) in the structure of the web pages and files of compromised websites (mostly under WordPress), as a result of which the computing resources of computers of visitors to such websites are used to generate an abnormal number of requests to attack objects, URLs of which are statically defined in malicious JavaScript code." CERT-UA has provided "a comprehensive list" of compromised sites hosting BrownFlood code.

The most alarming Russian operations have been deployments of destructive wiper malware. The effects of such attacks, however, seem to have been quickly contained. Fortinet offers a historically informed summary of wiper malware and its employment in cyber conflict.

Wired summarizes Ukraine's operations in cyberspace, and notes that even the Ukrainian operators are surprised by their defensive successes. Kyiv's cyber operations have most prominently included messaging the families of Russian soldiers killed during the invasion. It's a controversial tactic that has been criticized as gratuitously cruel. Ukraine says it has a humanitarian dimension as well as the obvious propagandistic one: the families, Kyiv says, are certainly not going to get the truth about their sons from the Russian authorities.

#OpRussia update.

Ukraine has attracted considerable hacktivist support. Hacktivism is usually ambivalent and seldom decisive, but in this case the Anonymous collective has achieved a nuisance-level of annoyance through doxing Russian organizations. Security Affairs says Anonymous has released files that appear to have come from three Russian firms:

  • First, Elektrocentromontazh, which provides electrical equipment to the Russian electrical power generation and distribution system. A 1.7 TB archive containing 1.23 million emails has been posted to DDoSecrets.
  • Second, PSCB Petersburg Social Commercial Bank was hit by Network Battalion 65, an Anonymous affiliate. 543 GB of data, comprising 229 thousand emails and 630 thousand other files, have been posted to DDoSecrets.
  • Finally, ALET, a customs broker that serves the fuel and energy sectors, has lost 1.1 TB of data, including more than a million email addresses, all of which has also been posted to DDoSecrets.

CISA updates its advisory on Russian wiper malware.

The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday updated its alert on the wiper malware Russia has deployed during its hybrid war. "This advisory has been updated to include additional Indicators of Compromise (IOCs) for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware, all of which have been deployed against Ukraine since January 2022. Additional IOCs associated with WhisperGate are in the Appendix, and specific malware analysis reports (MAR) are hyperlinked below."