Ukraine at D+222: Ukraine's counteroffensive continues.
N2K logoOct 4, 2022

Russia begins to portray itself as the outgunned, overmatched underdog in its war against Ukraine, gamely fighting against the odds. Nuisance-level cyber operations continue on both sides as Ukraine's counteroffensive continues.

Ukraine at D+222: Ukraine's counteroffensive continues.

The Guardian summarizes the state of Ukraine's counteroffensive by noting that Russian forces no longer have full control of any of the four provinces whose annexation President Putin announced Friday. The Russian Ministry of Defense has been unusually forthcoming in its public announcements about the situation. "On Monday," the Guardian writes, "the Russian military acknowledged that Kyiv’s forces had broken through in the Kherson region. It said the Ukrainian army and its 'superior tank units' had managed to “penetrate the depths of our defence” around the villages of Zoltaya Balka and Alexsandrovka." The reference to "superior tank units" is consistent with recent Russian official and quasi-official statements that portray Russia as the outnumbered, outgunned victim of a vastly superior Ukrainian force. Propagandists on Russian television have been calling for more sacrifice and a harder war, and some are reading this as a sign of growing nationalist disaffection with President Putin's conduct of the war. It seems more likely, however, that these commentators are serving as stalking horses for a harder line the Kremlin intends to take.

As Ukrainian forces continue to advance, the commander of Russia's Western Military District was relieved yesterday. The Telegraph reports that Colonel-General Alexander Zhuravlyov was replaced by Lieutenant-General Roman Berdnikov. The Western Military District's forces have performed poorly in the vicinity of Kharkiv and Lyman.

An assessment of mobilization challenges.

The UK's Ministry of Defence (MoD) in its Tuesday morning situation report expresses doubt that Russia will be able to train and equip the conscripts being called up, whether in the regular draft class or in the form of reserves summoned by the partial mobilization announced on September 1st. "On 30 September 2022 Russian President Vladimir Putin signed an order for the routine autumn conscription cycle, which aims to train 120,000 conscripts. These conscripts are legally not permitted to be deployed outside of Russia. This is separate from those individuals being mobilised as part of the 21 September 2022 partial mobilisation order. The conscription cycle will begin on 01 November 2022, a month later than usual. The late start to the cycle is an indication of growing pressures on Russia’s ability to train and equip a large number of new conscripted personnel. The challenges of accommodating, training, equipping and deploying mobilised and conscripted personnel are significant. Deficiencies within the Russian administrative and logistical systems will continue to undermine these efforts."

Review: Russian cyber operations have achieved nuisance-level effects.

Secureworks' State of the Threat report for 2022 is out, and it shares the widespread assessment that the effect of Russian cyber operations in the war against Ukraine has been confined to a nuisance level: "The war against Ukraine has been revealing for Russia’s cyber capabilities. At the outset of the conflict there were wide fears of destructive attacks with wide scale repercussions as was seen with NotPetya in 2017. However, despite a steady cadence of cyber activity directed against Ukrainian targets, some of which is identifiably from Russian government-sponsored threat actors, no widely disruptive attacks have been successful. The most visible Russian threat group tracked by the CTU over the past year has been IRON TILDEN. This group is notable for spearphishing attacks conducted primarily against Ukraine but also against Latvia’s parliament in April."

Reports of dissident hacktivism in Russia.

In a communiqué delivered to the Kyiv Post, the National Republican Army, a group that identifies itself as a popular Russian organization devoted to the overthrow of President Putin's regime, said that it has executed a ransomware attack against Unisoftware, a large Russian tech firm. Unisoftware has a number of important clients (the Federal Tax Service, the Ministry of Finance of the Russian Federation, and the Central Bank of Russia among them) and the Kyiv Post said it was able to confirm that some of the data released in the National Republican Army's proof-of-hack indeed belonged to customers. The National Republican Army declined to say how much secondary access it had achieved, but suggested that it had carried out related attacks against large Russian organizations. Infosecurity Magazine speculates that one of the secondary targets may have been the retailer DNS, which early this week disclosed a breach and offered reassurance and apologies to its customers. The attack, DNS said, originated "outside of Russia."

Claims by, and about, the National Republican Army should be treated with caution and skepticism. The organization, control, and very existence of the group have reasonably been questioned. That there's some cybercrime going on inside Russia is almost certainly true, but seeing the hand of a serious, organized opposition group in that cybercrime probably involves a good deal of wishful thinking in the interest of Kyiv.