Ukraine at D+1.
Attivo Networks Blogs

We note at the outset of this report that combat is inherently chaotic, and that all specific reports of damage and casualties should in particular be treated with a degree of respectful skepticism. MIT Technology Review offers some useful advice about the ways in which mis- and disinformation easily spreads in wartime. Old video and images circulate in social media (and the mainstream press) where they’re represented as current imagery. Some of this is a simple matter of error born of inexperience, some of it is more-or-less sincerely driven by partisan desire and expectation, and some of it is deliberate disinformation. There are also often problems with mistranslations of reports, especially between unrelated or more remotely related languages.

But there’s another reason to treat claims with caution: it’s very difficult, in ground operations, for anyone, including commanders and their staffs on the scene, to know the detailed effects of combat with clarity and precision. (Anyone who’s been involved in military training exercises will have experienced this difficulty first-hand, and combat exacerbates it.) So treat the reports from serious media as representing more-or-less sound approximations, and read the following with that in mind.

The situation on the ground in Ukraine.

There are confirmed Russian attacks in progress in some twenty Ukrainian cities, with Russian forces moving in from the Russian east, the Belarusian north, and the Black Sea south.

Fighting is reported in and around the capital, Kyiv, as Russia seeks the replacement of the Ukrainian government—Kyiv appears to be a decapitation objective. Russian forces are apparently making heavy use of artillery weapons. (Many or most of the “missile attacks” being reported are actually probably rocket attacks. The Russian weapons seen on the ground include a great many multiple rocket launchers, and those are free rockets, unguided systems, not missiles equipped with precision guidance. Free rockets are area weapons. Think of them as targeting square kilometers, not flying into individual vehicles or small command posts.) Ukrainian regulars are resisting Russian heavy forces (that is, mechanized forces equipped with tanks and other armored vehicles), and there are reports of irregular resistance as well, which the Ukrainian government has encouraged. Foreign Policy has an account of such resistance in the Donbas city of Kharkiv.

Some of the Russian forces engaged in the invasion have staged through and attacked from Belarusian territory. There are no credible reports of Belarusian troops proper involved in the invasion, but they’re apparently available should their participation become necessary or desirable. Belarusian President Lukashenka said yesterday that they would fight if Russia needed them.

Russian Foreign Minister Lavrov has offered to negotiate with Ukraine, the New York Times reports. All Ukraine needs to do is stop resisting the Russian special military operation. Thus the price of negotiation is surrender.

Public uses of intelligence.

Both the US and the UK have been unusually forthcoming about the intelligence they’ve developed concerning Russian capabilities and intentions over the past two months. At least two advantages may have derived from the unusual openness. The New York Times thinks it enabled greater transatlantic solidarity and more effective coordination of policy and sanctions. Quartz argues that Russian disinformation was noticeably less effective than it might otherwise have been, given quick American debunking and, even more so, predictive prebunking.

The situation in cyberspace, as Russia pursues its hybrid aggression.

The Russian invasion of Ukraine was preceded by distributed denial-of-service (DDoS) attacks, accompanied by destructive wiper malware (“HermeticWiper”).

Tony Cole, CTO, Attivo Networks, offered advice to organizations concerned about becoming the targets of Russian cyber operations:

“The impact of the Russian invasion of Ukraine will have a significant impact on cybersecurity challenges for companies and governments in the U.S., allied with the U.S., and especially for the Ukraine. Here in the United States, we should expect significant attacks focused on what Putin will see as the organizations helping enact sanctions on Russia and their oligarchs. The U.S. Cybersecurity & Infrastructure Security Agency has already released warnings about attacks in a number of areas, including state-sponsored Russian attacks against cleared defense contractors. We can expect to see more frequent attacks against the U.S. financial sector, the U.S. Treasury Department, the U.S. State Department and many others focused on actions around sanctions. Previous ground gained in pushing the Russian government to shut down criminal ransomware gangs focused on targeting U.S. companies will likely evaporate, and it’s possible those same gangs will be encouraged to increase their illicit activity.

“Companies in critical infrastructure should take the following steps immediately:

  • “Ensure multifactor authentication is in place and required for every user.
  • “Increase efforts around cyber-hygiene activities to keep all applications and operating systems updated.
  • “Closely monitor and manage identity services systems such as Active Directory and implement attack detection inside it.
  • “Ensure backups are done frequently, kept off-site, and kept in a pristine state.
  • “Keep your incident response (IR) plan updated and practice it with all key personnel. Add an external IR contract if you lack expertise.
  • “Engage with and get to know your local law enforcement team ahead of any major incident.
  • “Know, understand, and follow other best practices from NIST (Cybersecurity Framework), MITRE ATT&CK, and MITR.”

NBC News reported yesterday that President Biden had been presented with options for cyber operations against Russian infrastructure: “Two U.S. intelligence officials, one Western intelligence official and another person briefed on the matter say no final decisions have been made, but they say U.S. intelligence and military cyber warriors are proposing the use of American cyberweapons on a scale never before contemplated. Among the options: disrupting internet connectivity across Russia, shutting off electric power, and tampering with railroad switches to hamper Russia’s ability to resupply its forces, three of the sources said.”

But White House Press Secretary Jen Psaki was quick with a denial. There’s nothing to the story, she tweeted: “This report on cyber options being presented to @POTUS is off base and does not reflect what is actually being discussed in any shape or form.” It seems unlikely that the US wouldn’t have contingency plans for cyber operations against Russia (it would amount to military malfeasance if no such plans were prepared), so perhaps the Press Secretary’s statement is better read as a non-denial denial, perhaps serving strategic ambiguity. That any such plans are predecisional is likely: the report itself said that “no final decisions had been made.”

Read the full article on The CyberWire.
