Ukraine at D+60: Russia's slow advance in its hybrid war.
N2K logoApr 25, 2022

No major progress in the Donbas or Azov regions as Russia's offensive resumes, slowly. Both sides exchange nuisance-level cyberattacks.

Ukraine at D+60: Russia's slow advance in its hybrid war.

This morning's situation report from the British Ministry of Defence (MoD) sees only "minor advances" in the Donbas as Russia's renewed offensive suffers from the same logistical and combat support shortfalls that earlier frustrated its attempt to take Kyiv. "Russia has yet to achieve a significant breakthrough." The decision to surround and contain continuing Ukrainian resistance in Mariupol has, the MoD thinks, both prevented redeployment of combat units from the south and reduced the effectiveness of those units.

Saturday's situation report from the UK's MoD sees a protracted reset of Russian preparation to complete operations in Ukraine: "Defence Secretary Shoygu’s stated intent to introduce 'new methods of warfare' is a tacit admission that Russian progress is not going as intended. While it may indicate an understanding that the war is not progressing as planned it will take some time to translate this into adapted tactics, techniques and procedures, and then implement for improved operational effect particularly in regards to land-based manoeuvre warfare." In the meantime the Russian army will rely on heavy and indiscriminate artillery fire. "Therefore, in the interim there is likely to be a continued reliance on bombardment as a means of trying to suppress Ukrainian opposition to Russian forces," the situation report concludes.

Reduction of cities by artillery is the one tactic the Russian army has shown itself able to execute; the Telegraph reports on the effects of fatigue and failure on the morale and efficiency of Russian maneuver units. Yesterday's MoD situation report drew attention to the friction low morale is imposing on Russian operations. "Ukraine has repelled numerous Russian assaults along the line of contact in the Donbas this week. Despite Russia making some territorial gains, Ukrainian resistance has been strong across all axes and inflicted significant cost on Russian forces. Poor Russian morale and limited time to reconstitute, re-equip and reorganise forces from prior offensives are likely hindering Russian combat effectiveness."

Concealing the scale of losses.

The British MoD also sees signs that the Russian government is working to minimize public awareness of the size of losses it's sustaining in the invasion of Ukraine. "Russia’s Ministry of Defence has proposed compensation payments for the families of deceased service personnel be overseen by military rather than civilian officials. This likely reflects a desire to hide the true scale of Russia’s losses from the domestic population."

Russian conscription of Ukrainians?

Ukraine has expressed concern that occupying Russian forces will seek to redress personnel shortfalls by conscripting Ukrainians and forcing them to fight on behalf of Russia. The British MoD explained yesterday that Moscow has done this before: "The Ukrainian Main Intelligence Directorate and General Staff have accused Russia of planning to conscript Ukrainian civilians from the Russian occupied Kherson and Zaporizhzhia regions. This would follow similar prior conscription practices in the Russian-occupied Donbas and Crimea." Such conscription violates the Geneva Convention, and would amount to another systematic Russian war crime: "Article 51 of the Fourth Geneva Convention states 'the Occupying Power may not compel protected persons to serve in its armed or auxiliary forces', and 'no pressure or propaganda which aims at securing voluntary enlistment is permitted'. 'Protected persons' in this context includes civilians within occupied territories. Any enlistment of Ukrainian civilians into the Russian armed forces, even if presented by Russia as being voluntary or military service in accordance with Russian law, would constitute a violation of Article 51 of the Fourth Geneva Convention."

It would be a violation of other laws of war as well. The International Committee of the Red Cross has a searchable guide to International Humanitarian Law where summaries of applicable law may be found:

  • "Article 44 of the 1899 Hague Regulations provides: 'Any compulsion of the population of occupied territory to take part in military operations against its own country is prohibited.'”
  • "Article 23(h) of the 1907 Hague Regulations provides: 'A belligerent is likewise forbidden to compel the nationals of the hostile party to take part in the operations of war directed against their own country, even if they were in the belligerent’s service before the commencement of the war.'”
  • "Article 51, first paragraph, of the 1949 Geneva Convention IV provides: 'The Occupying Power may not compel protected persons to serve in its armed or auxiliary forces. No pressure or propaganda which aims at securing voluntary enlistment is permitted.'” 
  • "Article 130 of the 1949 Geneva Convention III and Article 147 of the 1949 Geneva Convention IV provide that compelling a prisoner of war or a protected person to serve in the forces of a hostile power is a grave breach of these instruments."

The protections have also been recognized in Russian domestic military regulations: "Under the Russian Federation’s Military Manual (1990), it is prohibited as a method of warfare 'to compel persons belonging to the enemy party to participate in hostilities against their country'." The Russian Federation’s Regulations on the Application of IHL (2001) also state: “It is prohibited to compel the population in the occupied territory to serve in the armed or auxiliary forces of the occupying power.”

Stamp collecting.

The Snake Island garrison's defiant "Russian warship, go f**k yourself" became a rallying call in Ukraine, especially after the Moskva, the Russian warship to whom the message was directed, sank after being hit by two Ukrainian Neptune anti-ship missiles. Ukrposhta, Ukraine's national postal service, issued stamps commemorating the incident, showing a Ukrainian soldier (presumably Roman Hrybov, who radioed the defiant reply to Moskva's demand that the garrison surrender) flipping the bird in the direction of a large but ineffectual looking Moskva. Within a few days of the stamp's issue, Ukrposhta said it had come under a distributed denial-of-service (DDoS) attack apparently intended to disrupt domestic and international sales of the commemorative stamp. Ukrposhta offered no attribution, but in this case the circumstantial evidence pointing to Moscow is, as Gizmodo points out, too obvious to ignore. The postal service is working through the effects of the DDoS attack, and says that a lot of people are still getting through to buy the stamp. (Supplies are limited, collectors; act now.)

#OpRussia: Anonymous counts coup.

The hacktivist collective has tweeted Its tally of recent successes claimed against Russian organizations: "#OpRussia: Since declaring 'cyber war' on Kremlin's criminal regime, the #Anonymous collective has now published approximately 5.8 TB of Russian data via #DDoSecrets. #Anonymous vows to release more data belonging to Russian entities and government, including a commercial bank."

On Sunday Security Affairs published the results of its sifting through the documents Anonymous had leaked "over the last three days" and found that files were taken from four commercial businesses:

  • "Enerpred is the largest producer of hydraulic tools in Russia and the CIS, specializing in the energy, petrochemical, coal, gas and construction industries. The collective has leaked a 432GB archive containing 645,000 emails."
  • "Accent Capital is a commercial real-estate investment firm that owns or is directly involved with the management of many of the properties its clients invest in. The collective has leaked a 211GB archive containing 365,000 emails."
  • "Sawatzky is a property management company. Sawatzky’s clients include Du Pont, Lenovo, Whirlpool, Aveva, Wella, Johnson + Johnson, Cisco, Google, Swatch, Avito, Samsung, Microsoft, Western Union, Saint-gobain, Turkish Airlines, and British American Tobacco. The collective has leaked a 432GB archive containing 575,000 emails."
  • "Worldwide Invest is an investment firm with ties to Estonia and Russian railways. The collective has leaked a 130GB archive containing 250,000 emails."

That #OpRussia represents a successful hacktivist action seems beyond dispute, but its achievements also seem to confirm that hacktivism in this ongoing hybrid war has yet to rise above nuisance levels. The nuisance is real, but it remains exactly that: a nuisance.

"Lacryphages," privateers, and state actors.

Anonymous has been operating in the Ukrainian interest. There has been evidence of hacktivism in the Russian interest as well, although in that case it's difficult to distinguish from opportunistic cybercrime that exploits sympathy for Ukrainian suffering ("lachryphagy," "drinking of tears," in the colorful term used by an op-ed in TheHill), gangland privateering, and direct state action. CNN reports that humanitarian organizations working on Ukrainian relief have been the targets of phishing, or, as CNN puts it "malicious links and pornographic material on their cell phones." Most aid organizations are relatively poorly protected non-governmental organizations, and in many cases have difficulty even recognizing that they're under attack, still less able to respond to an attack quickly and effectively. CNN quotes Amazon Web Services as explaining that the attacks seem intended to “to spread confusion and cause disruption,” which seems particularly odious when the activities being disrupted are the distribution of food, clothing, and medical supplies.

Speculation about reasons for restraint in cyberspace.

The Sydney Morning Herald offers seven possible explanations for Russian offensive cyber operations to have remained at a nuisance level in Russia's hybrid war against Ukraine:

  1. "Ukrainians are ready for it."
  2. The Ukrainians have had help."
  3. "Russia may not want to destroy services it plans to exploit."
  4. "Russia may be holding back."
  5. "In a brutal war, cyber may not be needed."
  6. "Russian cyber troops may be overrated."
  7. "The ransomware epidemic alerted the world."

Some, all, or none of these may be true, but the summary provides a useful compendium of speculation about the failure of large-scale, devastating cyberattacks to materialize.

Alternative energy suppliers in Europe sustain cyberattacks.

The Wall Street Journal reports that three alternative energy companies in Europe have sustained cyberattacks since Russia's invasion of Ukraine began. WindEurope, a wind-power industry group based in Brussels, says it believes the attacks originate with Russia. Presumably the goal is to make a shift from Russian oil and natural gas more difficult for European, especially German, markets. Two German turbine manufacturers (Enercon GmbH and Nordex SE) and one turbine maintenance firm (Windtechnik AG) have been affected.

Disinformation: forged document claims Ukraine is reselling military aid to African countries.

The Atlantic Council offers a debunking of claims in the Kremlin-aligned Telegram channel Rezident that Ukraine planned to sell surplus "armored cars, tanks, submachine guns, rifles, grenades, and bulletproof vests to African countries." All of that materiel, Rezident says, represents equipment Ukrainian forces need at the front, and the story has been amplified in other Telegram accounts as well as various Vkontakte pages. The document being circulated, and which is being represented as an official report from the Ministry of Defense to Ukraine's parliament, is clearly a forgery. It uses Russian orthography, for example, and it refers to organizations that no longer exist. The goal of the disinformation is to insinuate that Ukraine is beset by corruption. Rexident says “While Ukrainian soldiers are dying due to the absence of weaponry, clerks from the Ministry of Defense are selling it under the premise of redundancy,” and adds that the whole (fictitious) scheme amounts to a “cunning scheme of enrichment.”

Rosaviatsiya recommends that Russian airlines prepare for operations without GPS.

Isvestia reports that the Russian federal air transport authority, Rosaviatsiya, has counseled airlines to be prepared to operate without GPS. "This is due to its possible shutdown, as well as "jamming" of GPS signals and spoofing attacks when flying in the Kaliningrad region, over the Black Sea, east of Finland and the Mediterranean." GPS spoofing and jamming have been reported in those regions by Western sources, and that activity has generally been chalked up to Russian operators, but Isvestia offers no such attribution. RIA Novosti cites Roskosmos to the effect that it would be difficult to selectively turn GPS off in Russia, and that in any case GLONASS offers a viable alternative to GPS.