Russia’s intelligence services have adapted their posture in cyberspace to the demands of a long war. Mounting evidence, stretching back to the months preceding Ukraine’s counteroffensive in 2023, indicates that multiple Russian cyber units have shifted their sights away from strategic civilian targets toward soldiers’ computers and mobile endpoints in order to enable tactical military objectives on Ukraine’s frontlines.
https://lnkd.in/eCg-3nGP
'The harsher reality is that Russia’s intelligence services have adapted their posture in cyberspace to the demands of a long war. Mounting evidence ... indicates that multiple Russian cyber units have shifted their sights away from strategic civilian targets toward soldiers’ computers and mobile endpoints in order to enable tactical military objectives on Ukraine’s frontlines.
'There remain patterns of operational activity indicative of sustained interest in Ukrainian critical infrastructure objects that would hold no immediate intelligence value ... Moscow has rebalanced its overarching concept of operations to emphasise targets that can provide more direct and tangible battlefield advantages to its conventional forces'.
https://lnkd.in/gG6NvT5a
We published a superb commentary by Dan Black today on Russia’s approach to cyber operations in Ukraine. He outlines how Russian cyber units have shifted their targeting and tactics as the war has progressed in order to support conventional military operations more directly.
It’s also a useful corrective to the ‘cyber operations have limited strategic effects’ takes that have taken root since the start of the war. By focusing on the operational and tactical levels of the war, Dan makes a convincing argument about how cyber operations can further military objectives.
We’re keen to publish more policy-relevant commentaries by threat intelligence specialists, so if you have an interesting take, get in touch!
'Beyond targeted efforts to gain access to devices and systems used by Ukrainian soldiers, Russia has also reoriented its cyber forces to help locate Ukrainian military equipment and positions' writes Dan Black in the latest RUSI Commentary.
Dan Black describes how Russia's cyber campaign in Ukraine has evolved to focus more on tactical military objectives rather than strategic civilian targets.
Here are the main points 👇
➡️ Russian intelligence services have adapted their cyber approach to the demands of a prolonged war, primarily targeting mobile devices and computers of Ukrainian soldiers.
➡️ This evolution aims to gain direct tactical advantages on the battlefield rather than focusing solely on critical civilian infrastructure.
➡️ Russian efforts are concentrated on:
1️⃣ Penetrating devices used by Ukrainian soldiers on the front lines, particularly exploiting encrypted messaging apps like Signal.
2️⃣ Accessing Ukrainian army command and control systems.
3️⃣ Using compromised webcams to locate Ukrainian military equipment.
➡️ This new approach involves closer collaboration between Russian cyber and conventional forces, with cyber operations moving closer to the front lines.
➡️ The consequences of these espionage operations can be severe, as illustrated by the deadly strike on Ukraine's 128th Mountain Assault Brigade in November 2023, linked to the compromise of a soldier's Signal account.
➡️ This evolution poses new challenges for Ukraine's cyber defense and requires renewed attention on how best to support Ukrainian defensive efforts.
It is likely that these new Russian tactics will spread beyond Ukraine, potentially being used for other intelligence or influence objectives.
Russia’s invasion of Ukraine has changed warfare forever. Cyber operations are now tightly integrated with battlefield operations. Russia’s overall attack surface has grown well outside of Ukraine to include western supply chains and logistics. Throttling aid to Ukraine and attaching strings to offensive weapons is not a great strategy. History has shown that Putin will continue to bluff, and back down when that bluff is called. This article should be a wake-up call for all NATO Countries. #SlavaUkraini
https://lnkd.in/gb_BrsMu
NATO’s members have agreed to the construction of a new cyber-defense facility designed to help the military alliance build resilience and better respond to digital threats.
As the alliance celebrated its 75th anniversary with a summit in Washington DC from July 9 to 11, it revealed plans for a new NATO Integrated Cyber Defence Centre (NICC), to be based at the Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium.
About the Center:
• NICC will include civilian and military experts from member states.
• It will feature advanced technology designed to enhance situational awareness and boost collective cyber-resilience and defense.
• NICC’s main role will be to inform NATO’s military commanders about offensive cyber threats and vulnerabilities that could impact the alliance, including privately owned civilian critical infrastructure.
Context and Activities:
• NATO declared cyberspace a legitimate domain for war several years ago and has been enhancing its capabilities in this space.
• The alliance regularly conducts cyber-defense exercises, involving non-NATO members like Japan and South Korea.
• In 2022, NATO announced plans to develop rapid response capabilities to address significant malicious cyber activities.
• Also in 2022, NATO successfully completed a trial of new “quantum safe” technology designed to mitigate the future risks posed by quantum computers cracking asymmetric cryptography.
Motivation for the Initiative:
• Activities like the NICC are being carried out against a backdrop of growing concerns about a potential Trump presidency undermining the alliance, as well as in response to increasingly aggressive moves by Russia, China, and other hostile states.
• In October 2023, Microsoft warned that Chinese actors had pre-positioned themselves within critical infrastructure networks, potentially to launch destructive attacks in the event of a conflict.
• Russia regularly conducts cyber-espionage campaigns against the alliance and has tried to use false narratives to undermine it in various countries.
• The Kremlin still asserts that NATO “aggression” was the reason for its invasion of Ukraine.
NICC will be able to draw on the expertise of new members Sweden and Finland in its efforts to strengthen NATO’s cyber defense capabilities.
'NATO’s members have agreed to the construction of a new cyber-defense facility designed to help the military alliance build resilience and better respond to digital threats.'
https://lnkd.in/gVRkf5Rq
Russian cyber units have started to focus on targets tied to Ukrainian military objectives, trying to hack devices used by Ukrainian soldiers and getting access into command and control systems. This new approach to cyber operations marks a shift from attacking more strategic civilian targets like telecommunications and energy infrastructure. It looks like Russia has altered its approach to exploit the type of targets that could provide more direct battlefield advantages and support its ground forces.
https://lnkd.in/dHRwmNtQ
CyberCoalition.
To effectively counteract Russians and their allies in cyberspace, we must unite our cyber forces. While everyone possesses individual capabilities and tools for active defense of their systems, conducting cyber operations, and showcasing their capabilities, such actions alone don't deter the adversary; they, in fact, pose challenges. The aggressor utilizes the infrastructure and technological platforms of NATO countries to attack its own members and partners. This underscores that, to date, alliance members have not synchronized their cyber divisions to counter Russian cyber aggression. Modern warfare demands innovation and changes to international rules. Therefore, it's crucial to leverage areas and technologies that are not fully regulated today and cannot serve as a deterrent to using force against a common enemy.
By establishing a cyber coalition, we can swiftly create a supplementary defense system for protecting our sovereignty.
Of interest.
"China has disbanded and replaced its Strategic Support Force, a pivotal component of the People’s Liberation Army’s modernization efforts." The newly established "Information Support Force underpins 'coordinated development and application of network information systems.' This suggests it is responsible for command and control, information security, and intelligence dissemination."
"The PLA now has three nascent arms — the Information Support Force, Cyberspace Force and Aerospace Force. It appears the latter two were existing SSF departments that China renamed."
https://lnkd.in/erhPkm3E
#china #chinathreat #cyber #aerospace #informationoperations #intelligence #commandandcontrol #informationsecurity
This is a very forward-looking and prescient article (that's open access!) by Marina Miron and Rod Thornton in Applied Cybersecurity & Internet Governance. Despite the crucial role given to cyber operations, both informational and technical, in contemporary Russian military thought, Russia's cyber technical operations directed against Ukraine, while doubtless problematic and damaging, have been less devastating than initially envisioned.
The reason for this? As the authors suggest, not only is Russia using its war against Ukraine to acquire a better understanding of NATO cyber defenses so as to improve its offensive techniques, but Russia may very well be saving its most debilitating technologies for a future direct confrontation with NATO. Not words that anyone wants to hear, but a much-needed canary in the coal mine for what is certainly a plausible potentiality.
#russia #ukraine #russoukrainianwar #cyber #informationoperations #infoops #hybridwarfare
With Russia's full-scale invasion in its third year, Sandworm (aka FROZENBARENTS) remains a formidable threat to Ukraine. The group’s operations in support of Moscow’s war aims have proven tactically and operationally adaptable, and as of today, appear to be better integrated with the activities of Russia’s conventional forces than in any other previous phase of the conflict. To date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia’s military campaign.