This Situation report in the morning by the British Ministry of Defense focuses on Russia’s attempts to inject new forces into its invasion. The report is skeptical about how successful these trials will be. “Russian commanders will most likely continue to face the competing operational priorities of stepping up the Donbass offensive and strengthening defenses against expected Ukrainian counterattacks in the south. To support the operation in Ukraine, Russia has almost certainly raised a large new ground force formation. 3rd Army Corps (3 AC), based in Mulino, Nizhny Novgorod Oblast, east of Moscow Russia probably plans to draw a large proportion of the 3 AC from newly formed “volunteer” battalions being raised across the country and grouping them recruits from the same areas. Russian regional politicians have confirmed that potential 3 AC recruits will be offered lucrative cash rewards once deployed to Ukraine. Recruitment is open to males up to age 50 who have only middle school. A Russian army corps usually consists of 15-20 thousand soldiers, but it will probably be difficult for Russia to bring 3 AK to this strength, since there is very limited popular enthusiasm for volunteering in combat in Ukraine. The effect of 3 AC is unlikely to be critical to the campaign.
Explosions at a Russian air base in Crimea.
The explosions at the Russian air base near Novofederivka in occupied Crimea are alleged by Ukraine. The New York Times reports that Ukrainian authorities complained about the three large explosions that damaged the facility, attributing the strike’s success to “partisans.” Whether the attack was sabotage carried out by partisans on the ground, or whether the partisans located the target and unleashed long-range fire is unclear. US sources say the attack was not carried out by a Western-supplied system, and the Telegraph reports speculation that the weapon used against the airbase was a converted Neptun anti-ship missile, a system made in Ukraine. The attack is significant because it shows Ukraine’s ability to hit targets far behind Russian lines. Novofederivka is about 125 miles from the nearest areas under effective Ukrainian control.
The Finnish parliament is attacked by a cyber attack.
The Finnish Parliament website was unavailable yesterday after being subjected to a distributed denial of service (DDoS) attack. The attack is under investigation but is believed to have originated in Russia. Finnish news agency Yle reports that the website was unavailable between 2:30 p.m. and 10:00 p.m. local time. Based on claims in the Telegram channel of a hacktivist group, it is believed that the threat actor behind the incident is a Russian group calling itself NoName057(16) and the motive is to target the Finnish government for its decision to seek NATO membership , to bully. “We have decided to pay a ‘friendly’ visit to neighboring Finland, whose authorities are so eager to join NATO,” the group said.
Killnet says its cyber operations will soon (literally) become deadly.
Killmilk, the nickname used by the person or persons claiming to be the founder (or founders) of the nominally hacktivist group Killnet, has upped the ante of previous promises to punish the West for its support of Ukraine. and in particular for providing HIMARS rocket artillery. “In Russia I will become a hero and abroad a criminal,” Newsweek quoted Killmilk as saying in an interview published on Gazeta.ru. He added: “Soon, me and Killnet will launch powerful attacks on European and American companies that will indirectly result in casualties. I will do my best to make these regions and countries responsible for each of our soldiers.”
Killnet announced last week that it was undertaking a radically new form of cyberattack against targets it considers particularly objectionable, notably Lockheed Martin, which makes HIMARS, and against an unspecified system or subsystem of HIMARS itself. But so far, it is nothing happened yet.
It is perhaps notable that the repeated Russian theme “We are not threatening nuclear war, but we are threatening nuclear war” appears in Killmilk’s remarks. “We’re crazy guys, but we see the limits and we’re not going to cross them,” Killmilk said. “I don’t think nuclear missiles will fly in the faces of Lockheed Martin employees because of several dozen human casualties.” That means you’ve got nice company here; shame if something happened to it.
Cyber attacks on a British company criticizing Russia’s war.
The Telegraph reports that the UK’s National Cyber Security Center (NCSC) and Scotland Yard are investigating a series of denial-of-service (DDoS) attacks that legacy currency firm Currency.com has suffered since its founder lost to Russia in late February criticized war. Victor Prokopenya, the company’s founder, said: “The cyber attack has been happening almost daily for three months. It’s like someone keeps trying to break into your front door.” He said his security team was convinced the attack was Russian in origin. The NCSC believes that the operators behind the DDoS are private individuals, as opposed to Russian government organizations.
Not all criminal organizations work for Russia.
Digital Shadows reports on a cybercriminal gang showing sympathy for the cause of Ukraine. The DUMPS Forum was founded in May this year and looks very similar to other criminal forums, according to Digital Shadows. “The DUMPS forum seems to be the same as any other ordinary Russian-language cybercrime forum. There is a section for trading illegal material, carding, malware and gaining access to targeted networks. Currently, this forum is open to members with no verification or registration process, however, there is a constant request for an invitation system, which may become the primary method of access as the forum builds its profile.” But DUMPS differs in the allegiances it declares. In the forum this opening statement is posted: “Information services / leaks or other services in our forum are only allowed in relation to two states, that is Russian Federation and Belarus. Topics mentioning other countries are not allowed. This is the main rule of ours Forums.” So this is an anti-Russian (and anti-Belarusian) operation.
Digital Shadows characterizes DUMP as unusually “bold” and even goes so far as to post an alleged overhead picture showing their headquarters in a Kyiv apartment building. Who knows if that’s true or just a slob, but the roof has some demotic graffiti that reads something like, “Putin effed up”.
DUMP may, though not exactly, represent privateering, for it is unclear if DUMP has anything like the virtual brand of Russian gangs that delight in patriotic banditry. Digital Shadows concludes: “The DUMPS Forum likely plays an important role in the ongoing war between Russia and Ukraine, as a hub for hacktivists and patriotic cyber threat actors, as a symbol of resistance, and as a demonstrable difference on the cyber battlefield of success however, the DUMPS forum will attract unwanted attention; the ban on visiting Russian citizens underscores that the forum is already on the Russian state’s radar. It’s also realistically possible that the success of the DUMPS forum may inspire other services that are looking to play a role in the ongoing conflict.”
A linguistic note. DUMPS is written in Russian, and as such, Digital Shadows speculates that it may be designed to appeal to disaffected hoods in Russia itself. However, it is easy to underestimate the degree of mutual intelligibility between the Slavic languages, and especially between Russian and Ukrainian, and the fact that it is written in Russian would not pose a major obstacle to Ukrainian speakers. Anglophones may find this comparison useful: the English spoken in Scotland sounds different than the English spoken in Texas, but when you’re moving a child Brodick out with a child Marfa, they would probably sort it out.