Open-Source Intelligence in Russian Invasion of Ukraine

0

Flashpoint’s new report on the role of open-source intelligence (OSINT) in the Russia-Ukraine war has now been released.

As Russia’s full-scale invasion of Ukraine approaches the one-year mark, Flashpoint has released its report of ten real-life examples detailing how OSINT has helped organisations across the public and private sectors understand a hybrid war that spans cyber, physical, and informational domains.

“It has become a near imperative for just about every organisation in the world, from governments to enterprises, to be able to acknowledge and calculate their risk profiles in relation to the war,” said Andras Toth-Czifra, Senior Intelligence Analyst at Flashpoint. “And because we will likely still see changes in how this war is fought—by what means and at which targets—the importance of obtaining accurate, timely, and actionable intelligence remains essential.”

Report highlights include:

  • Recruitment on the frontlines: Where the convergence of cyber and physical intelligence identifies how internet-driven communication and funding influence and enable kinetic movement and warfare.
  • Cryptocurrency and illicit financing: The intel, which triangulates blockchain and threat intelligence, provides insight into on-the-ground operations of mercenary groups and private military companies involved in the war,  including troop movement, communication and transaction methods, and arms, supply, and infrastructure needs.
  • Destructive malware wipers: This intelligence allows visibility over the tools deployed over Ukrainian and Western networks, as well as the risk of wipers being used against critical infrastructure systems in countries allied to Ukraine.
  • Killnet: Russia’s favourite DDoS hacktivist collective has conducted distributed denial-of-service attacks on entities it deems to be supportive of Ukraine. Despite Killnet’s loud claims of being an ideologically motivated collective, the group still accepts commercial orders. All of those mentions of Killnet in the world’s top publications have likely brought new DDoS customers to the table.
  • Battle for the Russian-Language darknet. One of the ongoing processes that Russia’s February invasion has accelerated is the fragmentation of the Russian-speaking cyber underground. This includes a rivalry that emerged over the summer between two leading competitors, RuTor/OMGOMG and WayAWay/Kraken.
  • Documenting violence: For the duration of the war, eyewitnesses, military bloggers, correspondents, soldiers, and mercenaries alike have shared both textual information and visual media on Telegram and other platforms. These have been used as material for open-source investigations of the placement, activities, and identities of invading troops, as well as the atrocities committed by them. In future court proceedings on war crimes, this data could be crucial evidence.
  • War bloggers and policy: Since the beginning of Russia’s invasion of Ukraine, a wide range of popular, pro-Kremlin channels have emerged on Telegram, they have come to shape the domestic image of the war. They are run by war correspondents of state-backed media, military bloggers, and mercenary groups, as well as domestic politicians and propagandists. While the narratives promoted by them have often aligned with the Kremlin’s preferred narratives, at times they have been markedly critical of Russia’s leaders.
  • Iranian unmanned aerial vehicles (UAVs) bring strength to Russian military: The vast number of images and footage related to Iranian UAVs in use in Ukraine enabled Flashpoint users to: monitor the types of UAVs in use by Russian forces; gain a clearer picture as to how these UAVs fit into Russia’s war strategy; and understand how Ukrainian forces are confronting the threat.
  • Mobilisation protests in Russia: Russian President Vladimir Putin’s decree announcing a “partial” mobilisation in Russia caused an immediate response. In the following days, hundreds of thousands of Russian citizens fled abroad as draft protests started in several regions. Flashpoint observed a growing number of chatter and advertisements on Russian-language illicit communities and social media platforms, offering methods or access to avoid the draft. Furthermore, monitoring events like this helps to understand the domestic reaction of Russian society to the ongoing war and the potential impact on an internal coup in Russia.
  • Disinformation, conspiracy theories, and justification narratives: Disinformation narratives are very closely woven into the events of this war, lasting from Russia’s annexation of Crimea in 2014 to today’s ongoing invasion of Ukraine. These narratives have the power to shape political and kinetic decision-making; they are also an effective tool for psychological influence.

The full report can be found here.

Share.

Comments are closed.