Ukraine at D+470: Ukraine's counteroffensive has begun.
the cyberwire logoJun 9, 2023

Ukraine's counteroffensive has begun, with an apparent push aimed at breaking Russia's land bridge to occupied Crimea. 

Ukraine at D+470: Ukraine's counteroffensive has begun.

Media consensus is that Ukraine opened its general counteroffensive yesterday, with artillery preparation and armored attacks at various points along the front in Eastern Ukraine. "Ukrainian officials had said they would not make an official announcement once the counteroffensive begins. But four members of the armed forces confirmed to The Washington Post that a significant attack had been launched."

A principal axis of advance, according to the Telegraph, is south of Zaporizhzhia, along a line that runs from Orikhiv to Tokmak, and thence to the Sea of Azov. If successful, the attack would sever Russia's land bridge to occupied Crimea. Russian defenses in the area are thought to be well-prepared, and Russian resistance so far is said to have been stiff; indeed, Russia's Ministry of Defense claimed victory before the assaults were fairly underway. The Ukrainian armor committed so far includes, Bloomberg reports, German Leopard-2 main battle tanks and US M-2 Bradley Infantry Fighting Vehicles.

Implications of the destruction of Nova Kakhovka.

The destruction of the Nova Kakhovka dam, while an ecological and humanitarian disaster, is thought unlikely to have a significant operational impact on the Ukrainian counteroffensive. The Guardian's analysis thinks the destruction of Nova Kakhovka is evidence of how far Russia is willing to go with brinksmanship in its conduct of the war. "Blowing up the dam is one of the most reckless things Vladimir Putin’s forces could do, short of using a nuclear weapon," the paper writes. "A willingness to recklessly endanger civilian lives, sweep away Russia’s own forces and damage farming systems vital to global security – for whatever reason – may add to western concerns that a cornered Russia could go even further in future."

Ukrainian intelligence services offer evidence of Russian responsibility for the collapse of the Nova Kakhovka dam.

Russia has claimed that Ukrainian shelling or bombing damaged Nova Kakhovka. The AP overflew the site with a drone this week, however, and reports seeing no damage that would be consistent with Moscow's story. This would offer some confirmation of other reports that the dam, which was and remains under Russian control, was mined internally by the occupiers. Seismic evidence captured by regional sensor lines points to a single explosion at 2:45 AM local time early Tuesday. That too is consistent with the detonation of an internal demolition charge.

The Security Service of Ukraine (SBU) early today posted a minute and a half of audio to its Telegram channel which the SBU says is an intercepted Russian call that acknowledges Russian responsibility for the destruction. Reuters quotes a translated version of the call as acknowledging both Russian responsibility and poor execution. "They (the Ukrainians) didn't strike it. That was our sabotage group," said one of the interlocutors, whom the SBU identified as a Russian soldier. "They wanted to, like, scare (people) with that dam. It didn't go according to plan, and (they did) more than what they planned for." While reports of an army's activities from a hostile intelligence service should be treated with caution, the admixture of brutality and ineptitude the caller described has characterized the Russian operational style throughout the special military operation.

Black Sea grain shipments remain at risk.

"The Black Sea Grain Initiative (BSGI) was extended by 60 days on 17 May 2023," the UK's Ministry of Defence observed this morning. "However, Russia almost certainly continues to hinder grain exports by deliberately slowing inspections and actively blocking some vessels. Currently, only one or two ships are being inspected per day, compared with six to eight in Autumn 2022. Russia is likely attempting to force concessions on the re-opening of the Togliatti-Odesa pipeline, which exports ammonia from Russia through Ukraine, via Odesa. To complicate the situation, in recent days, the pipeline was damaged and is not currently operational. There is likely to be further Russian rhetoric and obstruction of the BSGI in the weeks prior to the next extension deadline of 16 July 2023."

US delivers Ukraine Starlink connectivity and air defense systems.

A $2 billion US aid package for Ukraine expected to be announced today will concentrate on providing air defense systems, Bloomberg reports. The grant, part of the Ukraine Security Assistance Initiative, will provide HAWK air defense launchers as well as the Patriot Advanced Capability Missile-3 (Pac-3) and the Guidance Enhanced Missile (GEM-T). The GEM-T is a complement to the PAC-3, and is designed for use against a full range of aerial threats, including tactical ballistic missiles, cruise missiles, and aircraft.

The US Department of Defense is also buying Starlink connectivity to bolster the resilience of Ukraine's communications. Citing concerns about operational security, the Department has declined to provide details of the Starlink support.

Asylum Ambuscade engages in both crime and espionage.

ESET reports that a Belarusian threat group, "Asylum Ambuscade," active since 2020 at least, has been engaged in what ESET regards as an unusual mixture of cybercrime and cyberespionage. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions," ESET writes, "including North America and Europe. Asylum Ambuscade also does espionage against government entities in Europe and Central Asia. Most of the group’s implants are developed in script languages such as AutoHotkey, JavaScript, Lua, Python, and VBS."

Proofpoint last year announced its discovery of Asylum Ambuscade's activities against organizations providing aid to Ukrainian refugees and against European governments generally sympathetic to Ukraine's cause, and that it was primarily an espionage group. ESET's assessment, however, is that Asylum Ambuscade is originally and primarily a criminal group. The espionage in this case now appears to be a side hustle.

DDoS attack on Swiss parliament's website.

Switzerland's parliament came under distributed denial-of-service (DDoS) attack Wednesday and Thursday of this week, Netzwoche reports. There's no clear attribution, but the attack followed an announcement that Ukrainian President Zelenskyy would address the Swiss lawmakers in a virtual conference next week.