Ukraine at D+442: Russians say the Ukrainian counteroffensive has begun. Ukraine differs.
N2K logoMay 12, 2023

Mr. Prigozhin offers an alibi for combat failure, and KillNet meditates on the problems of rebranding as a PMHC.

Ukraine at D+442: Russians say the Ukrainian counteroffensive has begun. Ukraine differs.

Wagner Group capo Yevgeny Prigozhin says that Ukraine's spring offensive is in fact under way, the Telegraph reports. President Zelenskyy has said that the offensive would be launched only when Ukraine's preparations were complete, but Mr. Prigozhin says that, not only is this a lie, but that Ukrainian forces have been "unfortunately" successful. It seems that Mr. Prigozhin is looking for a public excuse for recent local reverses his units have experienced in local fighting around Bakhmut. Ukrainian forces have indeed succeeded in retaking ground and inflicting heavy casualties in the city, but a local engagement is a far cry from a general offensive.

There seems to be a mood in Russian semi-official circles that would represent Ukraine as conducting a full-scale offensive. KillNet, the hacktivist auxiliary re-emerging from its own rebranding and reorganization campaign, has predicted in its Telegram channel that Ukraine's long-expected spring offensive would begin in "two days," that is, by the end of this week. 

Recent Black Sea Fleet activity.

This morning's situation report from the UK's Ministry of Defence looks at Russia's decision this week to expend "scarce and expensive" naval land attack cruise missiles against Ukrainian targets. "On the night of 08-09 May 2023, the Russian Navy’s Black Sea Fleet vessels launched eight SS-N-30a SAGARIS land attack cruise missiles (LACMs) against Ukraine. This was only the second use of Russian Navy LACMs reported since 09 March 2023. Up to March 2023, the Russian Navy frequently launched SAGARIS. Russia likely temporarily suspended using these weapons because it wanted to rebuild its reserve stocks. In the short-term, Russia likely sees LACM as a key capability to strike deep into Ukraine to disrupt anticipated Ukrainian counter-offensives. However, more strategically, Russia also sees conventional SAGARIS and other LACMs as having an important role in any hypothetical conflict with NATO. How to use these scarce and expensive weapons is one of the numerous dilemmas Russian commanders face because the war in Ukraine has gone on much longer than they originally planned for."

KillNet’s short-lived PMHC venture: new services amidst the reorganization regret.

We’ve been watching Killnet’s social media chatter for the hacktivist auxiliary’s latest self-presentation.

KillNet’s impresario (or at least mouthpiece) KillMilk, expressed doubt about the Russian hacking auxiliary’s organizational change to a private military hacking company (PMHC) on Tuesday during a “heart-to-heart” with the group’s followers. KillMilk explained that he had made a terrible mistake in making the group a PMHC, and took full responsibility for what he now regrets as a misstep. He explained that while attempting to acquire more servers for their botnet, he had drawn the attention of the FBI and, as a result, the organization’s botnet was seized. He then added that he would not be going to the government for support, and requested donations from his fan base. He ended his heart-to-heart by saying, “Give us all we ask for and within 30 days there will only be native Americans left in the USA.” Presumably he meant that with the correct material supply he and his (now no longer so merry) band of renegades could and would send the US back to the Stone Age. 

Since this airing of grievances the organization has changed its Telegram handle back to the original “WE ARE KILLNET.” On Thursday, May 11th, the group announced that, thanks to the donations they’d received, they would be able to purchase more resources and continue their patriotic labor of love. It remains unconfirmed whether KillNet’s botnet infrastructure was swept up by the FBI’s Operation Medusa (announced on Tuesday), but if KillNet’s botnet were indeed tightly coupled to the FSB’s network Operation Medusa expunged from US computers, then this would be a key indicator of KillNet’s ties to the Russian organs. 

KillNet’s de-rebranding came after the group launched its own Telegram based cryptocurrency exchange. They’ve boasted that they can deliver cash to anyone in the Russian Federation, and that they’re looking to expand to other countries. The group is charging a 6% processing fee for amounts under $5,000, dropping as amounts grow larger, with the fee for transferring more than $100,000 coming in at a low, low 3%. (This surcharge is in addition to the conversion fees from whatever exchange they use to flip the currency.) 

Last but not least, KillNet announced its Telegram-based OSINT tool which they claim to be “The best in the world in the right hands.” The Telegram bot reportedly allows for name searches, social media account research (only for Russian social media), IP address tracing, license plate look-ups (only in Russia), and various other phone number and email address queries. Why anyone would use KillNet’s OSINT tool instead of an-off-the-shelf tool with multi-country querying capabilities is not immediately clear. An interesting puzzle is that the tool seems to only query Russian-owned social media and public databases, which seems to go against KillNet’s promise not to operate against or inside of Russia proper. Perhaps the OSINT is for domestic surveillance: in any case there’s been some barking in Russian state-controlled media that Russians insufficiently enthusiastic about the Special Military Operation are really not worthy of the name “Russian” at all.