Ukraine continues to tighten its grip on Russian forces near Bakhmut, while Russia retaliates by launching drone strikes on Ukrainian cities. The location of Colonel General Surovikin, the Aerospace Forces’ chief of staff and Russian deputy commander in Ukraine, remains unknown since the march on Moscow. However, Russia’s Chief of the General Staff, General Valery Gerasimov, made his first TV appearance since the Wagner mutiny on July 10, 2023.
The NATO summit held in Vilnius concluded with promises of continued and closer support for Ukraine, although it did not provide immediate membership or a timetable for accession to the Alliance. Ukrainian leaders expressed their disappointment, but President Zelenskyy conveyed gratitude to NATO for the extensive support pledged. The summit’s communiqué highlighted Russia’s aggressive military operation, emphasizing the role of cyber operations in Russia’s strategy and the far-reaching effects they had on NATO members and the rest of the world. NATO vowed to enhance its tools to counter Russian hybrid actions and defend against hybrid attacks.
In other news, Microsoft published an alert on the activities of Storm-0978, also known as “RomCom,” a threat actor that targets defense and government entities in Europe and North America. This phishing campaign exploited CVE-2023-36884, a remote code execution vulnerability in Word documents related to the Ukrainian World Congress. Although the vulnerability has not been fully patched, mitigations are available. RomCom operates as a ransomware and extortion operation, as well as conducting cyber espionage, with a focus on credential theft. The group acts in Russia’s interests.
Additionally, Russian intelligence services employed a unique phishing tactic by using an ad for a discounted used BMW to target diplomatic missions in Ukraine. Palo Alto Networks’ Unit 42 identified APT29, Cozy Bear, Russia’s SVR foreign intelligence service as the responsible party. The campaign used LNK files posing as images to hook diplomatic targets from embassies of various countries, including the United States, Canada, and Turkey. The objective was espionage and the collection of sensitive information. The car advertised in the campaign was a real vehicle belonging to a Polish diplomat in Kyiv, although suspicions arose when he received inquiries about a lower price than he had posted.
This phishing campaign represents a departure from previous tactics that typically used diplomatic-themed lures. It serves as a warning for diplomats and highlights the need for heightened vigilance against cyber espionage in Ukraine and its allied nations.
Overall, Ukraine’s military operations against Russian forces, Russia’s retaliatory drone strikes, NATO’s ongoing support for Ukraine, the activities of the RomCom group, and the unique phishing campaign targeting diplomatic missions all contribute to the complex and multifaceted dynamics of the ongoing conflict between Russia and Ukraine.