Cyber and EW in combined arms operations.


Occupied Crimea is now disputed territory.

This morning's situation report from the British Ministry of Defence highlights yesterday’s explosions at Russian military installations in Crimea. “On August 16, 2022, both Russian and Ukrainian officials admitted that a munitions depot near Dzhankoi in northern Crimea had exploded, likely damaging a nearby railway and substation as well. Russian media also reported that smoke was rising near the Gvardeyskoye airbase in central Crimea. Dzhankoi and Gvardeyskoye host two of the main Russian military airfields in Crimea. Dzhankoi is also a major road and rail hub, playing an important role in supplying Russian operations in southern Ukraine. The cause of these incidents and the extent of the damage are not yet clear, but Russian commanders will most likely become increasingly concerned about the apparent deterioration in security across Crimea, which serves as the crew’s rear base.”

Both Russia and Ukraine have been reticent about the incidents, but they most likely represent Ukrainian strikes, and the New York Times reports that Ukrainian officials have indicated that the strikes were carried out by special forces. “A senior Ukrainian official, who spoke on condition of anonymity to discuss Tuesday’s operation, said an elite force was responsible for the blasts,” writes the Times, adding: “Russia’s Defense Ministry called the blasts an ‘act of sabotage’ – a significant acknowledgment that the war is expanding into what the Kremlin considers Russian territory.” An article in Le Monde argued that the place President Putin has given Crimea in Russian popular culture will make it difficult for him not to come up with a big, effective and obvious response to the Ukrainian strikes on the peninsula, which Russian invaders have occupied since 2014. Crimea is also an important base and staging area for Russian operations along the Black Sea.

DDoS attack on Energoatom’s public website.

Nuisance-level Russian attacks against Ukrainian targets continue, most recently in the form of a distributed denial-of-service (DDoS) operation against the website of Energoatom, the Ukrainian state-owned company that operates the country’s four nuclear power plants. Energoatom described the incident, which took place on Monday, as “the strongest hacking attack since the start of the all-out invasion of the Russian Federation.” The company said the attack was launched from “the territory of the Russian Federation” and carried out by the Russian group Narodnaya Kiber Army, the “popular cyber army”, a hacktivist front organization. Energoatom said the attack used 7.25 million bots and lasted about three hours. It had a negligible impact on site visitors, the company said. Energoatom’s facilities include the currently occupied and besieged Zaporizhzhia nuclear plant. The DDoS had no discernible impact on operations at this or any other facility. The immediate risk for Zaporizhzhia is shelling, not DDoS.

A criminal group allied to Russian interests.

eSentire’s Threat Response Unit (TRU) has published a report about the Golden Chickens malware suite and its origins. Golden Chickens is a commonly used cyberweapon of choice for Russia’s FIN6, the Cobalt Group, and Belarus’ Evilnum. While searching for the identity of “badbullzvenom”, the threat actor behind the Golden Chickens suite, TRU found that they claim to be Moldovan, speak Romanian, French and English, and are in cahoots with the Cobalt Gang. A second threat actor, calling himself “Frapstar” and identifying username badbullzvenom as “Chuck from Montreal” and speaking French, is interested in stolen Canadian credit cards and claims to own a BMW 5 Series. His identity was discovered by TRU, although he went to great lengths to disguise himself. With new campaigns and source code enhancements running with Golden Chickens, and with attacks as recently as July, it’s clear that a threat actor is still working on the malware, and TRU continues to track the suite’s movements.

Lessons from the cyber phases of Russia’s hybrid war.

Some well-known and unsurprising lessons are among those the US Army is drawing from its observations of the Russian military operation. First, non-kinetic attack techniques, including both cyber and electronic attacks, are more prevalent in the gray area, the lower-intensity portion of the conflict spectrum. When the conflict moves to actual shooting, they remain useful, but they no longer have the central importance they had in the deniable gray area. FedScoop quotes Lieutenant General Maria Gervais (Deputy Commander General, US Army Training and Doctrine Command) as telling TechNet Augusta yesterday: “The conflict also reveals an important aspect of both EW and cyber: neither is dominant on its own and they work best when converged with other multidomain effects.” As an example, she cited the observation that “the ability to use EW [electronic warfare] to spot an enemy is most impressive when combined with long-range precision fire.”

Second, the Russian “intelligence troops,” roughly considered the equivalent of US Cyber Command, have actually optimized themselves more for propaganda and counter-propaganda than for cyber operations, whether offensive or defensive.

Third, traditional electronic warfare, primarily jamming and radio direction finding, has become more prevalent as the conflict shifted to conventional warfare. And while there has been a convergence of cyber operations with electronic warfare, both are valuable in that they are integrated into combined arms operations. “Now both EW and Cyber have played important roles in the fighting in Ukraine. It shows the types of threats the unified network faces in conflict with a peer or near-peer adversary,” General Gervais said. “The unified network must operate in an environment where it faces significant EW and cyber challenges. It must be resilient enough to deal with these threats while providing the army and joint force with the speed and relevance to converge multi-domain effects against an adversary. Ukraine serves as a stark reminder of that challenge.”

And fourth, cyber and electronic warfare capabilities require constant combat adaptation. Cyberspace, the fifth area of conflict, is an artificial area shaped by human activity in ways the other four areas (land, sea, air, and space) are not. This holds for cyber capabilities in particular, argues an article in Breaking Defense: “Unlike a weapon that can be tested, validated, and put on the shelf knowing that it will work when needed, deployed information warfare and cyber capabilities need to be continuously aligned and tweaked to be relevant to the warfighter.”

