Executive Overview of Russian Aggression Against Ukraine

Executive Overview of Russian Aggression Against Ukraine

insikt-logo-blog.png
Editor’s Note: This report provides an executive-level overview of Insikt Group’s unified view on the conflict between Russia and Ukraine, incorporating notable cyber offensive actions, influence operations, and geopolitical and physical threats. Research was conducted using the Recorded Future® Platform and other open sources.

Join Insikt Group for a live Threat Briefing and Q&A on February 23 at 10AM ET - Register

Executive Summary

Cyber Offensive Actions

Recent Cyber Offensive Actions Targeting Ukraine Recent cyberattacks targeting Ukraine have aligned with Russia’s strategic objectives. The cyberattacks have consisted of distributed denial-of-service (DDoS) attacks, website defacements, fraudulent messaging, and malware attacks, predominantly targeting Ukrainian government organizations, media organizations, e-services used by citizens, and other private sector organizations. Notable attacks are listed below:

Dark Web and Cybercriminal Activity Involving Ukraine Insikt Group has identified a significant uptick in dark web advertisements and sales of data and network access methods related to Ukraine in the last 3 months. We identified 7 Insikt Group Threat Leads related to Ukraine in the last 12 months, with 6 of those being identified in the last 3 months. Per Insikt Group’s report “Dark Covenant: Connections Between the Russian State and Criminal Actors”, we believe it is highly likely that Russian intelligence services and law enforcement have a longstanding, tacit understanding with criminal threat actors; in some cases, it is almost certain that the intelligence services maintain an established and systematic relationship with criminal threat actors, either through association or recruitment. Recently identified events of interest include:

Assessment on Cyber Offensive Actions in the Event of a Russian Invasion In the event of a renewed Russian invasion of Ukraine, we believe it is likely that cyber offensive actions targeting Ukraine will primarily consist of DDoS attacks and website defacements against Ukrainian government and media organizations, internet infrastructure, and e-services used by Ukrainian citizens such as digital banking. These cyberattacks would likely aim to cause confusion, hinder communications, weaken a Ukrainian military response, and demoralize the Ukrainian population as part of a wider hybrid warfare operation.

Assessment on Cyber Offensive Actions Against Other Countries There are concerns that Russian state-sponsored cyberattacks could also be launched against organizations outside of Ukraine in conjunction with a Russian military invasion of Ukraine. The US and the UK have issued warnings to this extent. We believe these concerns are justified based on previous undisciplined Russian APT cyberattacks that were likely intended to target only Ukraine but spread much wider. Furthermore, it’s plausible that Russia would seek to conduct cyberattacks against NATO countries to distract efforts and attention away from the invasion of Ukraine.

Influence Operations

Russia’s Multi-faceted and Versatile Influence Ecosystem Shaping Perceptions of Military Build-up Russia is almost certainly using influence assets and techniques, both covertly and overtly, to shape domestic, Ukrainian, and international audience perceptions of its military buildup along Ukraine’s northern, southern, and eastern borders. We believe that current Russian information operations are employing a multi-faceted and versatile approach to manipulate the narrative of this crisis, using developed human intelligence assets on the ground in Ukraine, covert elements of Russia’s disinformation ecosystem (such as intelligence-directed or otherwise affiliated news sources), social media influence operations, and official, overt propaganda through the Russian state media and political apparatus.

Key Themes of Russian Influence Operations Involving Ukraine Insikt Group has observed ongoing Russian covert and overt influence operations promoting a false primary narrative that Russia, not Ukraine, is a victim of aggression. These sources, often collectively, promote allegations and statements claiming that Ukraine, with support from its Western partners, is preparing to launch an offensive in eastern Ukraine. Often, we have found that these claims originate from proxies in eastern Ukraine (that is, pro-Russian separatists and their leadership), and then are amplified in Russian state media and government sources.

Geopolitics and Physical Threats

Russian Military Activities

Insikt Group has not observed Russian troop or asset withdrawal from the border of Ukraine, despite official Russian government and media reports of troops withdrawal. We observed new videos and photos posted on social media continuing to show troops and specialized equipment moving towards Ukraine, in line with the US, NATO, and Ukrainian assessments that Russia has in fact added 7,000 troops to the border. The latest US assessments indicate that Russia has massed between 169,000 and 190,000 personnel in and near Ukraine, and we believe that Russia is in fact increasing the capabilities of its military on the border with Ukraine.

Provocations and False-Flag Operations Insikt Group concurs with the US, UK, NATO, and other assessments that Russia is plotting false-flag operations as a pretext for a Russian invasion of Ukraine. We have observed discourse from Russian politicians suggesting there’s a high probability that Ukraine will launch a military offensive in Donbas, that Russia has a right to “counterattack” if it felt the need to protect Russian citizens living in eastern Ukraine, that Russia is concerned about reports of Ukrainian violence in Donbas and is closely monitoring the situation, and Putin comparing the actions of Ukraine in Donbas to genocide. Furthermore, Russian private military companies have reportedly increased their presence in Ukraine, presenting the Russian government with a further avenue to conduct a false-flag operation. We have observed recent instances of potential false-flag attempts, including the shelling of a kindergarten in Donbas.

Russian Government Prepares Legislation to Formally Recognize LPR and DPR On February 15, 2022, the Russian State Duma adopted a draft resolution on an appeal to the President of the Russian Federation with a request to recognize the independence of the self-proclaimed DPR and LPR. The document has now been sent to Russian President Vladimir Putin for consideration.