Ukraine at D+449: G7 sanctions as cyberespionage and hacktivism continue.
May 19, 2023

President Zelenskyy will meet with the G7 as local fighting and hacktivist sparring continue.

The current situation in Russia's war involves continued Russian long-range missile strikes against Ukrainian civilian targets. These strikes continue to face increasingly effective Ukrainian air defenses. Heavy fighting continues in Bakhmut, but it remains a matter of closely contested local action. Ukrainian forces advance slowly in the city as Russian artillery attempts to disrupt supply lines.

Crimean rail line sabotaged.

The UK's Ministry of Defence describes sabotage on the rail line supplying the Black Sea Fleet's base in occupied Sevastopol. "On 18 May 2023, a train derailed near Simferopol, blocking the only rail line into the port of Sevastopol, the base of Russia’s Black Sea Fleet (BSF). The railway authorities said it was a result of 'interference by outsiders.' Russia will move to repair the line quickly, but the incident will disrupt deliveries of supplies and potentially also weaponry, such as Kalibr cruise missiles, to the BSF. Any sabotage in this sensitive area will further increase the Kremlin’s concerns about its ability to protect other key infrastructure in Crimea. The peninsula retains a vital psychological and logistical role in enabling Russia’s war in Ukraine." The sabotage looks like either Ukrainian diversionary or partisan action, but there's a less likely although still real possibility it could be the work of disaffected Russians. Ukraine has taken pains to emphasize that, in its view, Russia faces a non-negligible problem of internal dissent, and that attacks against the enemy's infrastructure were carried out "almost 100 per cent by citizens of the Russian Federation." Nikkei Asia reports one specific action the EU is pressing: restriction of trade in Russian diamonds.

G7 leaders plan more support for Ukraine, more sanctions against Russia.

The G7 summit opened in Hiroshima today, and has already issued a statement of strong support for Ukraine. “Our support for Ukraine will not waver,” the G7 said. The leading economic powers promised “to stand together against Russia’s illegal, unjustifiable, and unprovoked war of aggression against Ukraine,” adding “Russia started this war and can end this war.” Details of new sanctions against Russia are yet to be released, but the AP reports that the new measures are designed to cripple Russia's war-making capability. Some details of new US sanctions have leaked, and they're likely to be representative. "The U.S. component of the actions would blacklist about 70 Russian and third-country entities involved in Russia’s defense production, and sanction more than 300 individuals, entities, aircraft and vessels, said a U.S. official, who spoke on condition of anonymity to preview the announcement."

Ukraine's President Zelenskyy will attend the summit as an invited guest, Nikkei Asia reports. He'll arrive Sunday, after completing a flying visit to an Arab League meeting in Saudi Arabia.

Russian hacktivists conduct DDoS attacks against Polish news outlets.

Polish news agencies were taken offline yesterday by distributed denial-of-service (DDoS) attacks, Cybernews reports. The Polish government attributes the actions to Russian hacktivists. Such groups are well known to function as auxiliary cyber forces. DDoS campaigns have become a characteristic feature of Russia's hybrid war. Help Net Security, citing a study by Arelion, reviews the ways in which DDoS attacks attend geopolitical conflict.

Disaffected Russian IT specialist jailed for DDoS attacks on Russian targets.

TASS is authorized to disclose that Yevgeny Kotikov has been convicted of crimes intended to disrupt the Russian Federation's IT infrastructure. "Officers of the Federal Security Service of Russia in the Rostov Region documented and stopped the criminal activities of an IT specialist involved in a computer DDoS attack organized by the Ukrainian side on the information systems of subjects of the critical information infrastructure of the Russian Federation." He will serve three years in a penal colony. Cybernews has a description of the conditions that accompany such a sentence.

An update on RedStinger (a.k.a. CloudWizard).

Malwarebytes has recently reported on a cyberespionage group of uncertain provenance, RedStinger, which appears to have selected targets on both sides of Russia's war against Ukraine. Kaspersky researchers this morning released a report on a group they call CloudWizard, which they explicitly identify not only with RedStinger but also with the groups responsible for earlier operations in the region:

"We initiated our investigation back in 2022, starting with simple malicious PowerShell scripts deployed by an unknown actor and ended up discovering and attributing two large related modular frameworks: CommonMagic and CloudWizard. As our research demonstrates, their origins date back to 2008, the year the first Prikormka samples were discovered. Since 2017, there have been no traces of Groundbait and BugDrop operations. However, the actor behind these two operations has not ceased their activity, and has continued developing their cyberespionage toolset and infecting targets of interest for more than 15 years."

Kaspersky as a matter of policy doesn't attribute cyber operations to nation-states. Who's behind RedStinger (or CloudWizard) remains an open question. Whoever it turns out to be, WIRED points out, the ability to quietly mount offensive cyber campaigns over a fifteen-year period is remarkable.

Just war principles and hacktivist auxiliaries.

Ukrainian-aligned hacktivists have conducted deception operations designed to unmask the identities of Russian officers and cause other mischief in the lives of enemy leaders. Some of those actions have involved deceiving the officers' family members (specifically their wives) into unwitting participation. Just Security has a thoughtful overview of the ways in which this and other activity in cyberspace have served to erode respect for the customary principles on which the norms of armed conflict are founded. Specifically, the principle of discrimination between combatant and noncombatant seems to be flouted by much hacktivist activity. While it might seem that deceiving a family is trivial in comparison with ordering the bombing of a hospital, which one of the Russian officers is alleged to have done, any coarsening of moral sensibilities is dangerous.