Tuesday, March 08, 2022

Report by whistleblower alleges up to 10,000 Russian casualties in Ukraine

Ukraine Kharkiv

A REPORT BY AN anonymous Russian intelligence analyst alleges that the Russian forces in Ukraine could have suffered as many as 10,000 casualties, and claims that the Kremlin has lost contact with a number of divisions. The claims are included in a 2,000-word document published online by Vladimir Osechkin, a Russian anti-corruption activist and vocal critic of the Kremlin, who has been living in France since 2015. In the past, Osechkin has collaborated with the investigative website Bellingcat.

According to British newspaper The Times, which first reported on the claims made by Osechkin, the document originates from an anonymous intelligence analyst in Russia’s Federal Security Service (FSB). The FSB has inherited the domestic functions of the Soviet-era KGB and today operates as Russia’s internal security and counterintelligence agency. The anonymous analyst claims that the Kremlin kept the FSB in the dark about its intentions to order a military invasion of Ukraine.

The report adds that Russian President Vladimir Putin had based its estimations about whether the country could withstand Western economic sanctions on a number of optimistic forecasts produced by the FSB in the run-up to the war in Ukraine. However, these forecasts were nothing more than “hypothetical box-ticking exercises” in which intelligence analysts were expected to make Russia “the victor” in order to avoid the wrath of their superiors. No-one in the FSB thought these forecasts were going to be used by the Kremlin to make actual decisions about a war in Ukraine, it is claimed.

The Kremlin now realizes the extent of its miscalculation, says the anonymous analyst. However, it is too late to avert this “total failure”, which is comparable militarily only to the “collapse of Nazi Germany” in 1944 and 1945. The Russian forces in Ukraine could have already suffered as many as 10,000 casualties, even though the Russian government has only acknowledged close to 500 deaths of servicemen, the document claims. The true number is unknown even to President Putin himself, given that the Ministry of Defense has “lost contact with major divisions” in Ukraine. The report concludes with the assessment that “Pandora’s Box has been opened” and that Moscow “has no way out” of this debacle. “There are no options for a possible victory, only defeat”, it warns.

The Times said it showed the report to Christo Grozev, a Bulgarian investigative journalist, who supervises Bellingcat’s reporting on Russian affairs. Grozev told the paper that Ukrainian intelligence has previously produced fake FSB documents in order to frame the public narrative about the war. He argued, however, that “this letter appeared different” and that former FSB agents who had seen it appeared convinced of its authenticity. He added that Osechkin’s disclosures from Russian sources tend to be reliable.

► Author: Joseph Fitsanakis | Date: 08 March 2022 | Permalink

Dutch intelligence disrupt large-scale botnet belonging to Russian spy agency

MARCH 7, 2022 BY  LEAVE A COMMENT

GRU Kt

ON MARCH 3, 2022, Dutch newspaper Volkskrant reported that the Dutch Military Intelligence and Security Service (MIVD) took action in response to abuse of SOHO-grade network devices in the Netherlands. The attacks are believed to have been perpetrated by the Main Intelligence Directorate of the General Staff of the Russian Armed Forces (GRU) Unit 74455. The unit, which is also known as Sandworm or BlackEnergy, is linked to numerous instances of influence operations and sabotage around the world.

The devices had reportedly been compromised and made part of a large-scale botnet consisting of thousands of devices around the globe, which the GRU has been using to carry out digital attacks. The MIVD traced affected devices in the Netherlands and informed their owners, MIVD chief Jan Swillens told Volkskrant. The MIVD’s discovery came after American and British [pdf] services warned in late February that Russian operatives were using a formerly undisclosed kind of malware, dubbed Cyclops Blink. According to authorities, the botnet in which the compromised devices were incorporated has been active since at least June 2019.

Cyclops Blink leverages a vulnerability in WatchGuard Firebox appliances that can be exploited if the device is configured to allow unrestricted remote management. This feature is disabled by default. The malware has persistence, in that it can survive device reboots and firmware updates. The United Kingdom’s National Cyber Security Centre describes Cyclops Blink as a “highly sophisticated piece of malware”.

Some owners of affected devices in the Netherlands were asked by the MIVD to (voluntarily) hand over infected devices. They were advised to replace the router, and in a few cases given a “coupon” for an alternative router, according to the Volkskrant. The precise number of devices compromised in the Netherlands is unclear, but is reportedly in the order of dozens. Swillens said the public disclosure is aimed at raising public awareness. “The threat is sometimes closer than you think. We want to make citizens aware of this. Consumer and SOHO devices, used by the grocery around the corner, so to speak, are leveraged by foreign state actors”, he added.

The disclosure can also be said to fit in the strategy of public attribution that was first mentioned in the Netherlands’ Defense Cyber Strategy of 2018. Published shortly after the disclosure of the disruption by MIVD of an attempted GRU attack against the computer network of the OPCW, the new strategy included the development of attribution capabilities, as well as the development of offensive capabilities in support of attribution. It advocates the view that state actors “that are [publicly] held accountable for their actions will make a different assessment than attackers who can operate in complete anonymity”.

► AuthorMatthijs Koot | Date: 07 March 2022 | Permalink

No comments:

Post a Comment