Ukraine at D+84: Five months of cyber and info ops. – The CyberWire
This morning's situation report from the British Ministry of Defence (MoD) offers an account of the senior Russian officers who've either been sacked or are on the hot seat over combat failure in Ukraine:
"In recent weeks, Russia has fired senior commanders who are considered to have performed poorly during the opening stages of its invasion of Ukraine. Lieutenant General Serhiy Kisel, who commanded the elite 1st Guards Tank Army, has been suspended for his failure to capture Kharkiv. Vice Admiral Igor Osipov, who commanded Russias Black Sea Fleet, has also likely been suspended following the sinking of the cruiser Moskva in April. Russian Chief of the General Staff Valeriy Gerasimov likely remains in post, but it is unclear whether he retains the confidence of President Putin. A culture of cover-ups and scape-goating is probably prevalent within the Russian military and security system. Many officials involved in the invasion of Ukraine will likely be increasingly distracted by efforts to avoid personal culpability for Russias operational set-backs. This will likely place further strain on Russia's centralised model of command and control, as officers increasingly seek to defer key decisions to their superiors. It will be difficult for Russia to regain the initiative under these conditions."
These firings are in addition to the earlier purge of the FSB, blamed by President Putin for intelligence failures prior to the invasion. The MoD's current situation map shows stagnation in the Donbas and along the Azov coast.
Mandiant this morning published an overview of the Russian information operations it's tracked during the run-up to Russia's war against Ukraine, through the actual invasion, and continuing until now. Senior Analyst Alden Wahlstrom, one of lead authors of this report, said that the research sought to exhibit "how known actors and campaigns can be leveraged or otherwise refocused to support emerging security interests, including large-scale conflict. For years, analysts have documented that Ukraine, a key strategic interest of Russia's, is a testing ground for Russian cyber threat activity that they may subsequently deploy elsewhere.Now,we witnesshow pro-Russia actors have leveraged the assets and campaign infrastructure developed over time (in whole or part) to target Ukraine.
The operations exhibit a mixture of disinformation and disruptive attacks (mostly ransomware, wiper malware disguised as ransomware, and nuisance-level distributed denial-of-service attacks). Defacement of Ukrainian government websites began as early as January 14th of this year, with messages claiming theft and subsequent deletion of data. "The defacements likely coincided with the January deployment of destructive tools PAYWIPE, an MBR wiper disguised as ransomware, and the SHADYLOOK file corrupter against Ukrainian government and other targets." February 23rd, the eve of the invasion proper, saw a repetition of this style of attack. In this case the defacements "coincided with destructive attacks against Ukrainian government targets using the NEARMISS master boot record (MBR) wiper and PARTYTICKET wiper disguised as ransomware." And during the war itself, on March 16th a deepfake video of Ukrainian President Zelenskyy appearing to announce surrender to Russia was distributed over compromised Ukrainian news sites. This incident coincided with another wiper attack: "On the same day, Mandiant identified the JUNKMAIL wiper targeting a Ukrainian organization. The malware was configured via a scheduled task to execute approximately three hours before Zelenskyy was scheduled to deliver a speech to the U.S. Congress."
Some familiar threat actors have been in evidence. APT28 (Fancy Bear, the GRU) has been behind much of the Russian activity, and the allied Ghostwriter operators of Belarus's satellite intelligence and security services have also been active in the Russian interest. The Internet Research Agency, well-known as an election-meddling troll farm, seems also to have resurfaced as "Kiber [that is, Cyber] Force Z," and resumed influence and amplification operations. And there have been the usual covert media outlets working under inauthentic personae. Kiber Force Z's style is as familiar as it is tasteless, featuring a Russian-uniformed Pepe the Frog (an Orthodox cross blasphemously around his neck, a "Z" patch in the place of honor on his left shoulder) calling in an airstrike on Azovstal, occupied by three Azov Battalion soldiers with pig faces. (The Azov boys look better uniformed and equipped than comrade soldier Pepe, who seems a bit slack and devil-may-care in his turnout. Maybe Kiber Force Z realized that President Zelenskyy's casual kit played better than President Putin's expensive clothes, long tables and Ruritanian guards.)
There's also been some nominally hacktivist activity conducted in support of Russia. "Established hacktivist personas JokerDNR and Beregini have remained active in their targeting of Ukraine in the leadup to and since Russias invasion, including through their publication of allegedly leaked documents featuring possible personally identifiable information (PII) of Ukrainian military members.," Mandiant notes, and goes on to observe cautiously, "Additionally, newly established 'hacktivist' groups, whose degrees of affiliation to the Russian state are yet unknown,like Killnet, Xaknet, and RahDit, have engaged in hacktivist-style threat activity in support of Russia, including distributed denial-of-service (DDoS) attacks, hack-and-leak operations, and defacements." There is, we think, a strong likelihood that these hacktivist personae are operating under the control or at least direction of Moscow's intelligence services.
Russian disinformation has had two sides. One, for foreign consumption, has been in the familiar, tabloidesque, entropic style, intended to darken counsel more than to persuade, that's been a staple of Russian election meddling for the past decade. This line has featured such claims as the discovery of US biowar labs in Ukraine, Poland's systematic harvesting of Ukrainian refugees' organs for sale on the transplant black market, etc. The other has been aimed primarily at domestic audiences, and has emphasized the foreign threat to Russia, Ukrainian atrocities against ethnic Russian enclaves, and, above all, the alleged Nazi cabal that's got to be running Kyiv. These lines of disinformation have been intended to persuade.
The report concludes by offering its take on the outlook for influence campaigns aligned with Russian goals. Russian operators can be expected to continue to push disinformation, with a probable assist from their satellite services in Belarus. China and Iran serve as allies of convenience, retailing Russian themes when it serves those regimes' longstanding anti-Western strategic goals:
"Information operations observed in the context of Russias invasion of Ukraine have exhibited both tactical aims responding to, or seeking to shape, events on the ground and strategic objectives attempting to influence the shifting geopolitical landscape. While these operations have presented an outsized threat to Ukraine, they have also threatened the U.S. and other Western countries. As a result, we anticipate that such operations, including those involving cyber threat activity and potentially other disruptive and destructive attacks, will continue as the conflict progresses.
"One notable feature of operations attributed to known actors thus far is their apparent consistency with the respective campaigns established motives. Russia-aligned operations, including those attributed to Russian, Belarusian, and pro-Russia actors, have thus far employed the widest array of tactics, techniques, and procedures (TTPs) to support tactical and strategic objectives, directly linked to the conflict itself. This is especially beneficial when the facts on the ground shape Russias need to influence events in Ukraine, marshal domestic Russian support, and manage global perceptions of Russias actions. Meanwhile, pro-PRC and pro-Iran campaigns have leveraged the Russian invasion opportunistically to further progress long-held strategic objectives. We likewise expect this dynamic to continue, and are actively monitoring for expansions in their scope of information operations activity surrounding the conflict."
NATO's national coordinators for cybersecurity met yesterday in Brussels, the Hill reports, the first time such a group has convened. The meeting was prompted by the Russian war against Ukraine, and the ways in which it's altered the strategic landscape. "Allies have expressed concern that cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent," a NATO press release said. "NATO is a strong platform to share information, to exchange national approaches and responses, as well as to consider possible collective responses. Allies are also providing practical support to partners, including Ukraine."
Or words to that effect. Hacktivists looking for ways of throwing sand in the gears of Russian governance have established a website (WasteRussianTime.Today, according to Wired's story) where, if you're of like mind, you can place robot calls that connect a couple of Kremlin apparatchiki while you listen in as they try to figure out who called whom. The technology the hacktivist group (which calls itself the "Obfuscated Dreams of Scheherazade") uses is first cousin to that employed by the people who call you about extending your car warranty, or getting credit card interest relief.
This war started inside Moscow and St. Petersburg, within the power circle of Putin, and thats who we want to annoy and disturb, Wired quotes one of the service's organizers as explaining. So the effort is meant to be irritating, and no doubt it is, but these aren't prank calls in the classical genre, like calling the local smoke shop, inquiring whether they've got Prince Albert in a can, and then saying, "well, you better let him out," or like asking the bartender to page Amanda Huggenkiss. The organizers decided against facilitating such direct interaction (too dangerous to the participants, who might inadvertently reveal their identity or location). What they did instead was to set up a program that would initiate "a VoIP call, automatically dialing 40 of the leaked [Kremlin] phone numbers, and merging the user into a three-way call with the first two Russian officials' phones that connect."
We're of two minds on this. On the one hand, it's difficult to summon much sympathy for robocalling or even hacktivism in general, which have typically been marked by poor control, bad aim, and unintended effects. When Wired tried out the service, they found there were some difficulties connecting two Russian parties. Apparently there are latency issues, which the Obfuscated Dreams of Scheherazade are working on. There are also sources-and-methods issues. Christo Grozev, of Bellingcat, and no stranger himself to prank calls, explained this particular downside to Wired. Whenever something like this becomes public, the whole department changes their numbers, and that's not good for investigations, including journalistic investigations.
On the other hand it's difficult not to appreciate what the Obfuscated Dreams of Scheherazade are doing, at least as conceptual art. So, for your consideration, a thought experiment: what if the prank calls weren't placed by various outraged randos, but by, say, US Cyber Command, known to many as a pretty low-latency outfit. We're fairly sure there must be some Title 10 authority for ordering two-dozen anchovy pizzas for delivery to the Russian President's office. If, that is, you can still get a pizza in Moscow. So we say, Rear Admiral (retired) John ("Jack") Mehoff, call Fort Meade. America has need of you in this hour. (And, General Nakasone, you're welcome.)
Here is the original post:
Ukraine at D+84: Five months of cyber and info ops. - The CyberWire
- Frog-Themed Meme Coins In Focus - Pepe Unchained As The Best ICO This October - Analytics Insight - October 16th, 2024 [October 16th, 2024]
- PEPE Price Tumbles Below Major Support Is It Over For The Top Frog? - 99Bitcoins - July 17th, 2024 [July 17th, 2024]
- MOONHOP: Discover the Meme Coin Destined to Multiply Your Investment Ahead of Pepe and BlockDAG - NFTevening.com - July 17th, 2024 [July 17th, 2024]
- Pepe rises over 30% in a week as Pepe Unchained raises $4M in ICO - Cointelegraph - July 17th, 2024 [July 17th, 2024]
- Pepe Falls Hard as a $3.2 Million Rival Emerges - Cryptonews - July 17th, 2024 [July 17th, 2024]
- PEPE Drops as Mog Coin Rises But MOONHOP Presale Shifts Gears, Nears $1 Million- Is it The Top Meme Coin? - Techpoint Africa - July 17th, 2024 [July 17th, 2024]
- Are Pepe Coin Price Risks Worth The Squeeze In Q2? - NewsBTC - June 16th, 2024 [June 16th, 2024]
- Pepe Rebounds With 10% Rally, New All-Time High Soon? - Watcher Guru - June 16th, 2024 [June 16th, 2024]
- Cat Coin KAI Goes Viral As Pepe Faces Correction A New Era in the Meme Coin Market? - Finbold - Finance in Bold - June 16th, 2024 [June 16th, 2024]
- Pepe Coin (PEPE) Outperforms Meme Coin Market with 11% Surge Amid Market Downturn - Blockonomi - June 16th, 2024 [June 16th, 2024]
- PDAX Adds $PEPE and Solana-based $USDC - BitPinas - June 16th, 2024 [June 16th, 2024]
- PEPE and FLOKI Prices Plunge: Why Game Fox (GFOX) Could Be a Hot Meme Coin Pick in 2024 - CoinJournal - June 16th, 2024 [June 16th, 2024]
- Why Is Pepe Coin Rising Forbes Advisor INDIA - Forbes - June 12th, 2024 [June 12th, 2024]
- Memecoin Showdown: Which to Invest in This June - PEPE, DOGE, or BEFE? - Finbold - Finance in Bold - June 12th, 2024 [June 12th, 2024]
- Junes Best Memecoin Investment: Pepe, Doge, or Befe? - NewsBTC - June 12th, 2024 [June 12th, 2024]
- Pepe annihilates Dogecoin and becomes the new king of memecoins cryptos! - Cointribune EN - June 12th, 2024 [June 12th, 2024]
- Shiba Inu, PEPE Coin, or Bitgert Coin: A Guide to Choosing the Best Crypto - The Merkle Hash - March 26th, 2024 [March 26th, 2024]
- The New Generation of Meme Coins | A Closer Look at the Top 7 New Memecoins with Shiba Inu, Pepe, Bonk, Snek ... - Analytics Insight - January 16th, 2024 [January 16th, 2024]
- 10 New Cryptocurrency To Invest In 2024 - Outperform Bitcoin In ... - Finbold - Finance in Bold - December 2nd, 2023 [December 2nd, 2023]
- IOTA Price Rise Makes It Top Trending Cryptocurrency, Can This ... - CryptoPotato - December 2nd, 2023 [December 2nd, 2023]
- Make It More AI Trend - Know Your Meme - December 2nd, 2023 [December 2nd, 2023]
- New Meme Coin To Watch In 2024 As $MK Nears $2.5 Million Mark ... - CoinGape - December 2nd, 2023 [December 2nd, 2023]
- Is Meme Moguls The Next Pepe In The Making? - The Crypto Basic - November 24th, 2023 [November 24th, 2023]
- Slayboy Token, Pepe & Shiba Inu: The Battle For 100% Crypto ... - Digital Journal - November 24th, 2023 [November 24th, 2023]
- Unleashing the Power of Memes: GameStop Memes, Shiba Inu or ... - Crypto News Flash - November 24th, 2023 [November 24th, 2023]
- Is PEPE Coin Preparing to Take a Big Jump, Price Targets for PEPE - The Coin Republic - November 24th, 2023 [November 24th, 2023]
- Are Monacoin ($MONA) and Pepe ($PEPE) Dead? And What Could ... - Cryptonews - November 24th, 2023 [November 24th, 2023]
- Say Jell-O to these weird family recipes - Greater Milwaukee Today | GMToday.com - November 24th, 2023 [November 24th, 2023]
- Unleashed writers share their favorite Thanksgiving memories ... - Yakima Herald-Republic - November 24th, 2023 [November 24th, 2023]
- 40 Renowned Art Pieces Replicated By This Artist But With Pepe ... - Bored Panda - November 9th, 2023 [November 9th, 2023]
- Grok Tokens Market Cap Hits Over $10M: Be Wary of Musk's AI ... - CCN.com - November 9th, 2023 [November 9th, 2023]
- Three Things to Watch out for this Week: Polygon Resurgence, Pepe ... - Captain Altcoin - November 9th, 2023 [November 9th, 2023]
- PEPE The Forgotten Coin: The Ups And Downs Of Meme Coins VS ... - cryptonewsbytes.com - October 15th, 2023 [October 15th, 2023]
- Doja Cat and the frivolity of fascism - Dazed - October 15th, 2023 [October 15th, 2023]
- Here's Why the PEPE Price Tanked 20% as Suspicions of Team ... - CryptoPotato - August 26th, 2023 [August 26th, 2023]
- Scorpion Casino Token, Shiba Inu, and Pepe Coin: Earn Passive ... - Tekedia - August 26th, 2023 [August 26th, 2023]
- "The Muppets Take Manhattan" To Be Released on 4K Ultra HD - DAPS MAGIC - August 26th, 2023 [August 26th, 2023]
- 50 Cryptids Ranked by Their Undeniable, Indisputable, Jaw ... - The Hard Times - August 26th, 2023 [August 26th, 2023]
- Celebrations for BIG along WSM, PEPE, and AiDoge - Analytics Insight - June 24th, 2023 [June 24th, 2023]
- PEPE Adds 61% Thanks to This Driver: Santiment By U.Today - Investing.com - June 24th, 2023 [June 24th, 2023]
- Meme Coins That Could Bring Great Gains: PEPE, TAMA & BIG - Analytics Insight - June 24th, 2023 [June 24th, 2023]
- $PEPE Coin Skyrockets 70% in a Week as Whales Join the Meme ... - CryptoGlobe - June 24th, 2023 [June 24th, 2023]
- Comparing Community Engagement and Growth With Dogetti ... - Analytics Insight - June 24th, 2023 [June 24th, 2023]
- As The Memecoin Hype With Pepecoin (PEPE) Fades, InQubeta's ... - Analytics Insight - June 24th, 2023 [June 24th, 2023]
- Will Musk's Tweet Have The Same Positive Effect On Dogetti And ... - Analytics Insight - June 24th, 2023 [June 24th, 2023]
- This Week in Crypto: What Exactly is Ethereum?, ETF Approvals ... - BeInCrypto - June 24th, 2023 [June 24th, 2023]
- Invest Early in New Crypto Presale Caged Beasts For 1000X ROI - Analytics Insight - June 24th, 2023 [June 24th, 2023]
- 5 Shitcoins Trending on DEXTools: Discord, Twitch, Onlyfans ... - Finbold - Finance in Bold - June 24th, 2023 [June 24th, 2023]
- This Week in Crypto: Bitcoin on the Moon, What Exactly Is Ethereum ... - CryptoSaurus - June 24th, 2023 [June 24th, 2023]
- Looking For The Best Meme Coins Of 2023? Try $BIG, DOGE, PEPE - Analytics Insight - May 29th, 2023 [May 29th, 2023]
- Navigating the Memecoin Minefield: Unveiling the Psychology ... - KrASIA - May 29th, 2023 [May 29th, 2023]
- Meme Coin Explosion with FLOKI, Pepe Coin, and DogeMiyagi - NewsWatch - May 29th, 2023 [May 29th, 2023]
- 5 cryptocurrencies under $0.10 to buy in June 2023 - Finbold - Finance in Bold - May 29th, 2023 [May 29th, 2023]
- Understanding Bitcoin Ordinals: Limited Use Case and the Rise of ... - Tekedia - May 29th, 2023 [May 29th, 2023]
- Memecoin Pepe Is the New Crypto Craze. Move Over, Dogecoin. - Barron's - May 18th, 2023 [May 18th, 2023]
- Pepe-Themed Bitcoin Frogs Becomes Most Traded NFT Amid Bitcoin Ordinals Hype - Yahoo Finance - May 18th, 2023 [May 18th, 2023]
- $Pepe The Internet's New Hot Meme Coin Hollywood X PEPE ... - Analytics Insight - May 18th, 2023 [May 18th, 2023]
- BTCC Lists Memecoin PEPE And New 'Ethereum Killer' SUI - BeInCrypto - May 18th, 2023 [May 18th, 2023]
- Vincent Van Dough Talks Disrupting Galleries and the Power of Pepe - nft now - May 18th, 2023 [May 18th, 2023]
- New To crypto? Then Buy Shiba Inu (SHIB), RenQ Finance (RENQ ... - The Crypto Basic - May 18th, 2023 [May 18th, 2023]
- Shibarium's Scam Warning and Pepe Coin's Dark History Resurfaces as Donald Trump CNN Town Hall Interview... - Lokmat - May 18th, 2023 [May 18th, 2023]
- Meme Coins Evolution- A Close Look at Pepe Coin's Dominance and Debut of Rick Coin - Yahoo Finance - May 18th, 2023 [May 18th, 2023]
- Sponge, AIDoge Die out While $HXPE Unleashes Memetic Magic in ... - The Coin Republic - May 18th, 2023 [May 18th, 2023]
- PEPEBABY is about to launch, will it lead a new trend in meme tokens - Digital Journal - May 18th, 2023 [May 18th, 2023]
- Ripple Ally v. SEC Takes New Turn, Elon Musk's Tweet Pushes PEPE up 54%, Ripple Could Burn Its XRP Right Now, Says Former Exec: Crypto News Digest by... - May 18th, 2023 [May 18th, 2023]
- Ripple v. SEC Final Decision Ready, Lawyer Says, Large SHIB Holders' Inflows Skyrocket, PEPE Shows Quicker Growth Pattern Than SHIB: Crypto News... - May 18th, 2023 [May 18th, 2023]
- NFT Artist and Collector OSF: 'NFTs Are Just a Medium' - Decrypt - May 18th, 2023 [May 18th, 2023]
- Influencer BitBoy Crypto is likely to hold Shiba Inu, Pepe, and Avorak AI for 2023 - CoinChapter - May 18th, 2023 [May 18th, 2023]
- Weekly roundup: LADYS and PEPE prices drop, AI tokens recover, Hydra mainnet release drives Cardano higher - FXStreet - May 18th, 2023 [May 18th, 2023]
- 'We screwed up' Coinbase CLO responds to outrage after exchange associated Pepe with hate groups - Cointelegraph - May 12th, 2023 [May 12th, 2023]
- How the Pepe coin, fueled by pure memetic power, soared past a $1.6 billion market cap in 3 weeksand then tumbled - Fortune - May 12th, 2023 [May 12th, 2023]
- Meme crypto Pepe coin had a meteoric rise, but has lost 70% of its value in a week. - MarketWatch - May 12th, 2023 [May 12th, 2023]
- Dogecoin Rival Pepe Hooks Crypto Whales. Memecoin Frenzy May Just Be Starting. - Barron's - May 12th, 2023 [May 12th, 2023]
- RenQ Finance (RENQ) and Pepe (PEPE) are two of the most hyped projects of 2023 | Bitcoinist.com - Bitcoinist - May 12th, 2023 [May 12th, 2023]
- Ethereum Validators Yield Profits as Pepe Coin and Signuptoken ... - Analytics Insight - May 12th, 2023 [May 12th, 2023]
- Tron founder Justin Sun to 'begin actively trading meme coins' - Finbold - Finance in Bold - May 12th, 2023 [May 12th, 2023]
- Meaning and history of the name Pepe - GBTIMES - May 12th, 2023 [May 12th, 2023]
- Pepe Coin Price Prediction 2023-2030: Will PEPE Reach 1 Cent? - CW360 - May 12th, 2023 [May 12th, 2023]
- Should you buy PEPE, DOGE, SHIB and other meme coins before April 20? Will Elon Musk come through? - FXStreet - April 19th, 2023 [April 19th, 2023]
- Streamers Shave Their Heads In Support Of Kyedae's Cancer ... - EarlyGame - April 19th, 2023 [April 19th, 2023]