February 15, 2024: Russian Digest
Top stories I'm keeping an eye on!
February 15, 2024
Call to Action for my U.S. subscribers: Please call your Congress representatives and tell them to pass the weapons and aid package to Ukraine and to stop endangering U.S. national security by using domestic weaknesses for political purposes…
SBU detains executives connected to Russian oligarch
The Security Service of Ukraine (SBU) detained two Ukrainian executives suspected of helping Russian oligarch Oleg Deripaska embezzle weapons production supplies to Russia, the SBU announced on Feb. 15.
The SBU also issued Deripaska a notice of suspicion in absentia. He is charged with violating seven articles of the Criminal Code, including financing actions aimed at overthrowing the constitutional order of Ukraine.
Deripaska, billionaire and former president of the aluminum giant Rusal, was sanctioned by the U.S. in 2018 and by the U.K. in 2022, following Russia's full-scale invasion. Ukraine nationalized Deripaska's business assets in February 2023.
According to the SBU's investigation, management at the Hlukhiv Quartzite Quarry, one of Deripaska's properties later nationalized by Ukraine, allegedly sold bulk shipments of rock for steelmaking to Russian defense companies from 2012 until the full-scale invasion in 2022. Russian manufacturers used the raw materials to produce Iskander missiles and other weapons systems.
Deripaska's "top managers" at the quarry were detained for their role in financing Russian military aggression, the SBU said.
The SBU said it had collected evidence that these individuals helped Deripaska embezzle the quarry's products to Russia beginning in 2012, despite existing bans on the sale of these materials.
The unnamed managers, described as a director and a supervisor of the Hlukhiv quarry, were arrested in different regions of Ukraine, the SBU said.
Via Kyiv Independent
Former FBI informant charged with lying about the Bidens’ role in Ukraine business, undercutting GOP impeachment inquiry
Special counsel David Weiss charged a former FBI informant with lying about President Joe Biden and his son Hunter Biden’s involvement in business dealings with Ukrainian energy company Burisma Holdings, undercutting a major aspect of Republicans’ impeachment inquiry into the president.
Alexander Smirnov, 43, is facing charges in connection with lying to the FBI and creating false records. He was arrested Thursday at Harry Reid International Airport in Las Vegas, after his arrival in the US from overseas, and will make his initial appearance in federal court Thursday afternoon.
CNN is working to determine whether Smirnov has an attorney.
The indictment alleges that Smirnov’s story to the FBI “was a fabrication, an amalgam of otherwise unremarkable business meetings and contacts that had actually occurred but at a later date than he claimed and for the purpose of pitching Burisma on the Defendant’s services and products, not for discussing bribes to [Joe Biden] when he was in office.”
Read More at CNN
NATO will transfer one million drones to Ukraine
The partners made a commitment to supply Ukraine with drones for the Armed Forces of Ukraine during the meeting of defense ministers of the NATO member states in Brussels.
Source: Jens Stoltenberg, NATO Secretary General, as reported by a correspondent of European Pravda from Brussels
Details: This decision was made following the results of two days of negotiations, first in the Ramstein format and then in the Ukraine-NATO format. "In the last few days, new commitments from the allies concerning aid for Ukraine have been made," Stoltenberg noted.
He reported about the first agreement in the drone coalition that will be presided over by the UK and Latvia. "A group of NATO members set a goal of supplying Ukraine with a million drones," the Secretary-General said.
Stoltenberg also stressed that NATO is practically the only supplier of military aid to Ukraine: "Together, the NATO members facilitate over 99% of military aid". With that, he stressed that often, like in the case of drones, it is not the US that takes a leadership role in aid supply but the EU members, which is also a response to Washington’s concerns about insufficient funding of defense expenditures from the side of European states.
Background:
A drone coalition was formed at the meeting of the Contact Group for Ukraine’s Defence (Ramstein format) and its members were listed.
NATO and Ukraine will create a joint training centre in Poland.
Via Ukrainian Pravda
In Russia, foreign servers and data storage systems began to fail en masse
Sanctions for the war in Ukraine are beginning to increasingly affect the technological “sovereignty” of Russia, which the authorities demand to achieve.
In 2023, demand from Russian companies for the repair of hard drives, tape drives, controllers, motherboards, and other components of foreign computer equipment has increased five times compared to the previous year, Mikhail Sizov, managing partner of Mobius Technologies, told Kommersant.
“Last year, 80% of our requests for repairs occurred in the second half of the year. We plan to develop this area by expanding the list of components that we can restore,” he noted, emphasizing that there are either no new spare parts on the Russian market or they are sold at an inflated price. At the same time, Sizov admits that by the end of 2024, the market for computer equipment repair services for the corporate sector will amount to “billions of rubles.”
The Promobit company (manufacturer of servers and storage systems Bitblaze) confirms the growing demand in the corporate sector for the repair of computer equipment. According to the director of the company, Maxim Koposov, most often businesses need to repair motherboards, controllers, and power supplies for equipment from Mellanox, Supermicro, HPE, etc.
Companies also seek repairs because vendors do not provide warranties in Russia. “Suppliers have a choice - either pay additional VAT and transportation of equipment to other countries where there is official support from the vendor or carry out repairs themselves within the country,” Koposov explained.
At the same time, market participants note that in Russia there are no spare parts for data storage system servers and other equipment from vendors who monitor the supply of their products to Russia. For example, this applies to American Nvidia.
The demand for repairs is associated not with the lack of spare parts, but with their high cost: repairs are cheaper than a complete replacement, says Alexandra Mukhortova, head of enterprise solutions at Treolan.
Fplus Service, on the contrary, believes that in Russia there are problems with the availability of components of the equipment that was supplied before the imposition of sanctions. “There is enterprise-level equipment, produced and supplied in single copies, its path is tracked from the moment the production order is received, there are really no spare parts for it and the components cannot be repaired,” the company noted.
After the start of the war and the imposition of sanctions, Russian customers tried to immediately buy not only the data storage systems and server platforms themselves but also additional spare parts (power supplies, controllers, etc.) in order to create a stock of components for repairs, says the founder of the data center and cloud provider Oxygen Pavel Kulakov. According to him, companies will not abandon foreign technology, since they have software attached to them, which they continue to trust for storing and processing critical data.
Via Moscow Times
Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)
A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes. These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations. In recent months, allegations of Unit 26165 activity of this type has been the subject of a private sector cybersecurity advisory and a Ukrainian government warning.
This botnet was distinct from prior GRU and Russian Federal Security Service (FSB) malware networks disrupted by the Department in that the GRU did not create it from scratch. Instead, the GRU relied on the “Moobot” malware, which is associated with a known criminal group. Non-GRU cybercriminals installed the Moobot malware on Ubiquiti Edge OS routers that still used publicly known default administrator passwords. GRU hackers then used the Moobot malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber espionage platform.
The Department’s court-authorized operation leveraged the Moobot malware to copy and delete stolen and malicious data and files from compromised routers. Additionally, in order to neutralize the GRU’s access to the routers until victims can mitigate the compromise and reassert full control, the operation reversibly modified the routers’ firewall rules to block remote management access to the devices, and during the course of the operation, enabled temporary collection of non-content routing information that would expose GRU attempts to thwart the operation.
A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes. These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations. In recent months, allegations of Unit 26165 activity of this type has been the subject of a private-sector cybersecurity advisory and a Ukrainian government warning.
This botnet was distinct from prior GRU and Russian Federal Security Service (FSB) malware networks disrupted by the Department in that the GRU did not create it from scratch. Instead, the GRU relied on the “Moobot” malware, which is associated with a known criminal group. Non-GRU cybercriminals installed the Moobot malware on Ubiquiti Edge OS routers that still used publicly known default administrator passwords. GRU hackers then used the Moobot malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber espionage platform.
The Department’s court-authorized operation leveraged the Moobot malware to copy and delete stolen and malicious data and files from compromised routers. Additionally, in order to neutralize the GRU’s access to the routers until victims can mitigate the compromise and reassert full control, the operation reversibly modified the routers’ firewall rules to block remote management access to the devices, and during the course of the operation, enabled temporary collection of non-content routing information that would expose GRU attempts to thwart the operation.
Read More at DOJ
Ukraine's military says it sank a Russian landing ship in the Black Sea
Ukraine's military says it sank a large Russian landing ship in the Black Sea off the coast of occupied Crimea, although Russia's government has so far not confirmed the incident.
"The Armed Forces of Ukraine, together with the units of the [defense intelligence] @DI_Ukraine, destroyed the Caesar Kunikov large landing ship. At the time of the attack, the ship was in the territorial waters of Ukraine, near Alupka," the Ukrainian Defense Ministry said on X, formerly Twitter, on Wednesday.
Ukraine said it used maritime strike drones in the attack, sinking the ship 2.5 miles off Alupka, a city on the southern coast of the Crimean Peninsula, which Russia annexed from Ukraine in 2014.
Read More at NPR
Ukraine and NATO will create joint analytical, training and educational center in Poland – Stoltenberg
NATO and Ukraine will create a joint analytical, training, and educational center in Poland.
The announcement was made by NATO Secretary General Jens Stoltenberg in Brussels on Thursday after a meeting of the Ukraine-NATO Council.
“Today, we decided to create a new NATO-Ukraine Joint Analysis, Training and Education Centre in Bydgoszcz, Poland. It will allow Ukraine to share lessons learned from Russia’s war. And it will create a structure for Ukrainian forces to learn and train alongside their Allied counterparts,” he said.
According to the Secretary-General, a political decision has now been made, the details of which will follow later. “We will continue to stand with Ukraine. For Ukraine’s security, and for ours,” Stoltenberg stressed.
Via Ukraine Interfax
Kremlin File Podcast returns…
Deep Dive…
How Georgia Supplies Sanctioned Vehicles
Georgia continues to be a corridor for sanctioned automobiles to enter the Russian market. Our seven-month investigation has found that despite the Georgian government’s assertion that it honors the ban on the export of sanctioned vehicles to Russia, these operations persist. This risks setbacks for Georgia on its path to the European Union.
Read the Full Investigation at IFact
Deep Dive…
Jeffrey Epstein’s Russian Connection:
Billionaire's ties with FSB Academy graduate revealed
New details continue to emerge in the case of Jeffrey Epstein. The US financier and sex offender committed suicide in 2019 after his arrest on charges of human trafficking and soliciting prostitution, including of minors. Although hundreds of names of his victims and clients had been made public, there was almost no Russian trail in the Epstein case — until now.
The Dossier Center has uncovered the financier’s close contacts with Sergei Belyakov, then Deputy Minister of Economic Development and later head of the St. Petersburg Economic Forum Foundation, which runs the St Petersburg International Economic Forum (SPIEF). It has become the norm for female escorts from all over Russia to be present at the Forum.
Read the Full Investigation at the Dossier Center
Deep Dive…
Should I stay or should I go? German drill manufacturer announced withdrawal from Russia, but supplies of its production continued
High-precision drills and metal cutters are an important element of Russia’s military-industrial complex. But while international sanctions have made it more difficult for Russian weapons manufacturers to procure such capital, The Insider has discovered that supplies from the German company Gühring KG of high-precision metalworking machinery to Russian customers continued. The scheme involved shipping sanctioned products through Turkey via Gühring’s Russian subsidiary. The company claims that it has relinquished control over its Russian affiliate and that its attempts to divest fully from the sanctioned country were blocked by Russian officials. However, Turkish middlemen continued to sell Gühring KG technology to the company’s “deconsolidated” subsidiary in Russia.
Read the Full Investigation at The Insider