January 31, 2024: Russian Digest

Ukrainian commander says Russian airbase in Crimea hit in attack

The Balbek airfield in Russian-occupied Crimea was hit in an attack, Air Force Commander General Mykola Oleshchuk said on Telegram on Jan. 31.

Videos emerged on local Telegram channels earlier in the afternoon showing a series of explosions in Russian-occupied Crimea. The airfield is located a few kilometers north of Sevastopol.

Oleshchuk shared a video showing an explosion and thanked "everyone who participated in the clearing the Russian presence out of Crimea."

"Ukrainian aviators will definitely return home to their native airfield," Oleshchuk said, referring to Ukraine's 204th Sevastopol Tactical Aviation Brigade, which was based at the Balbek airfield before Russia illegally annexed Crimea in 2014.

Ukrainska Pravda reported that the attack on the airbase was carried out using Scalp/Storm Shadow long-range cruise missiles, citing a source in the military.

Oleshchuk earlier reported on Jan. 6 that the Ukrainian Air Force had carried out a successful attack against the Saky airbase, 50 kilometers to the north of Sevastopol.

The Ukrainian Armed Forces also reported a successful strike against a Russian command post near Sevastopol and ammunition warehouses near the village of Pervomaiske on Jan. 4.

Via Kyiv Independent: https://kyivindependent.com/ukrainian-commander-says-russian-airbase-in-crimea-hit-in-attack/

Three Moldovan companies sold $15 million worth of aircraft spare parts to Russia

Journalists found out that during 2022-2023, three Moldovan companies sold aircraft spare parts to Russia for a total of about 15 million dollars.

Details: The supply of aircraft parts to Russia via Moldova began a few months after the February 2022 invasion of Ukraine. Parts from Western countries went to major Russian airlines such as "Pobeda" and S7 Engineering.

Three Moldovan companies – Airrock Solutions, Aerostage Services, and Maxjet Service – were involved in the scheme. The first two were founded in November 2021 and April 2022, their owner is a former top official of the Moldovan airline Air Moldova Ivan Melnikov, the third one existed since 2011 and is owned by Sergey Ranga.

All three companies acted as intermediaries - placing orders for spare parts, after which they helped transport them to Russia, sometimes directly to Russian airports. At the same time, supplies were not made through the territory of Moldova.

Both Melnikov and Ranga told Radio Svoboda that they did not know about the delivery of parts purchased by their companies to the Russian Federation - they were, according to the contracts, destined for other CIS countries.

The investigation says that the reason for this situation could be Moldova's non-adherence to some European Union sanctions against Russia, which relate to the supply of parts to aviation.

RFE/RL's sources in the office of the President of Moldova said that they are aware of these cases and that "competent authorities" are already dealing with them. In addition, Chisinau is discussing the possibility of joining other EU sanctions.

In October 2022, journalists discovered that at least four Moldovan enterprises are connected to Russian military state corporations, which are under European Union sanctions due to the full-scale invasion of Ukraine by the Russian Federation.

Via Ukrainian Pravda: https://www.pravda.com.ua/news/2024/01/31/7439816/

Full Investigation at Radio Europa/Libera Moldova: https://moldova.europalibera.org/a/companii-moldovene-au-livrat-piese-de-avion-in-rusia-in-ciuda-sanctiunilor-occidentale-/32799642.html

Russian bomb damages hospital, prompts evacuation in northeastern Ukraine -officials

A Russian bomb struck a hospital in northeastern Ukraine on Wednesday, smashing windows and equipment and prompting the evacuation of dozens of patients, regional officials said.

Volodymyr Tymoshko, head of the Kharkiv regional branch of the national police, said one bomb scored a direct hit on the hospital at about 9:45 p.m. in the town of Velykyi Burluk, northeast of Kharkiv. A second bomb landed nearby.

Foreign currency reserves in Russian banks collapsed to a 13-year low

The Russian banking system continues to move towards a “currency famine” as sanctions cut off the economy from ties with Western markets and clients rush to withdraw money abroad.

At the end of 2023, foreign currency reserves in client accounts in Russian banks decreased by $30.9 billion, or 16%, according to statistics from the Central Bank of the Russian Federation. As of January 1, banks had $170.4 billion of client currency left—the minimum amount since November 2010.

The volume of foreign currency in the accounts of legal entities decreased by $16.1 billion over the year, and foreign currency accounts of citizens lost $8.1 billion. During two years of war, according to the Central Bank, banks lost $107.7 billion from foreign currency client accounts - almost 40% of the volume , which was held before the invasion of Ukraine.

The banks themselves are also losing foreign exchange liquidity - mainly cash in accounts abroad, which they use to secure obligations to clients. At the end of the year, the volume of such bank “foreign exchange reserves” dropped to $44.7 billion, the lowest level since the 2020 pandemic. Moreover, a significant reduction in banks’ liquid assets in foreign currency—by $4.2 billion at once—took place in December, when problems arose in settlements with Turkey and China, which had become Russia’s major trading partners.

In fact, the economy is experiencing a “degradation of the volume of foreign exchange resources,” noted earlier Egor Susin, managing director of GPB Private Banking. The volume of business of Western banks in Russia has shrunk to Soviet-era levels, and the influx of major world currencies has collapsed.

Via Moscow Times: https://www.moscowtimes.ru/2024/01/31/zapasi-valyuti-vrossiiskih-bankah-ruhnuli-dominimuma-za13-let-a120178

Deep Dive…

Hacking assistant to vice-speaker of the Russian State Duma: agents of influence in Serbia and media campaigns in the EU

InformNapalm volunteer intelligence community has a new CYBINT investigation based on data from the correspondence between Russian politicians and their assistants, exposing sensitive facts about international economic relations between Russia and Serbia, as well as other aspects of international politics, corruption and energy (in)security. The materials were obtained by InformNapalm from the Ukrainian hacktivists of the Cyber Resistance group, the findings were verified and supplemented with video evidence presented in this publication.

Who is who? Foreword.

Evgeny Zobnin is not a public person. There is not much information about him on the web. Cyber Resistance activists first noticed his name while researching the mail dumps for #BabakovLeaks from the hacked email of Alexander Babakov, vice-speaker of the Russian State Duma. Then it became clear that Zobnin, officially a mere volunteer assistant to a member of parliament, performs highly sensitive tasks for Babakov requiring a great degree of trust. For example, helping his boss to evade taxes or accompanying him on visits abroad. Cyber Resistance suspected that Zobnin may be the vice-speaker’s fixer, and therefore a keeper of important information about the affairs of Putin’s special representative for interaction with the Russian organizations abroad (one of Babakov’s long-standing positions). This prompted the team to take the next step and gain access to Zobnin’s mailbox (an e-mail dump zhzobnin@mail.ru).

Read Full Investigation at InformNapalm: https://informnapalm.org/en/hacking-assistant-to-vice-speaker-of-the-russian-state-duma/

Russia Behind Spike in European GPS Jamming, Baltic General Says

Estonian military commander says Moscow ‘learning and testing’
Aviation authorities increasingly warning of jamming activity

Russia is likely behind an increase in instances of jamming satellite signals used by airlines, smartphones and weapons systems in eastern Europe, according to a senior Baltic military commander.

Martin Herem, the commander of the Estonian Defense Forces, pointed the finger at the Kremlin for disrupting Global Positioning System signals as interference with satellite-based navigation systems has picked up in the Baltic region since last year. A particular surge has been registered this month in an area stretching from Finland to Poland to the Black Sea region.

Armenia Formally Joins International Criminal Court, Irks Russia

Armenia on Thursday formally joined the International Criminal Court (ICC), officials said, in a move that traditional ally Moscow has denounced as "unfriendly".

The Hague-based court in March issued an arrest warrant for Russian President Vladimir Putin over the war in Ukraine and the alleged illegal deportation of children to Russia.

Yerevan is now obligated to arrest the Russian leader if he sets foot on its territory.

"ICC Rome Statute officially entered into force for Armenia on February 1," the country's official representative for international legal matters, Yeghishe Kirakosyan told AFP.

Military intelligence confirms Russia used North Korean shells in Ukraine

Russian forces have already used North Korean shells at the front in Ukraine, military intelligence (HUR) spokesperson Andrii Yusov told Ukrinform on Jan. 31.

This comes as an official confirmation of what has been suspected for some time. North Korea has reportedly provided Moscow with at least 1 million shells, as well as short-range ballistic missiles and other weaponry.

"Yes, we can confirm that if we are talking about artillery rounds, such cooperation between the two regimes is being documented. North Korea has already delivered a significant part of artillery rounds to Russia," Yusov told Ukrinform.

"Some of them have already been used and are being used in the war against Ukraine."

Earlier in January, Prosecutor General Andrii Kostin reported the first evidence that Russia also used North Korean missiles in attacks against Ukraine.

"The results of preliminary scientific and technical examination confirm that the missile launched against central Kharkiv on Jan. 2 is a short-range missile produced in North Korea," Kostin said.

The U.S. and nearly 50 countries condemned the transfer and the reported use of North Korean missiles by Russia, calling for an immediate end to the delivery of weapons from Pyongyang to Moscow.

South Korea warned on Jan. 11 that its northern neighbor may also sell Russia new types of tactical guided missiles as military cooperation between the two countries strengthens.

Via Kyiv Independent: https://kyivindependent.com/military-intelligence-confirms-russia-used-north-korean-shells-in-ukraine/

There are more Russian spies in EU Parliament, Latvian lawmakers say

“We are convinced that Ždanoka is not an isolated case,” three MEPs wrote in letter about espionage obtained by Brussels Playbook.

BRUSSELS — There’s more than one.

As the European Parliament investigates a Latvian lawmaker suspected of being a Russian spy, her co-nationals in the chamber are warning there are others like her.

“There are other MEPs … knowingly serving Russia’s interests,” wrote Sandra Kalniete, Roberts Zīle and Ivars Ijabs, from the center-right European People’s Party, right-wing European Conservatives and Reformists and liberal Renew respectively, in a letter obtained by POLITICO’s Brussels Playbook.

Via Politico: https://www.politico.eu/article/russia-spies-european-parliament-latvia-meps-eu/

FBI director warns that Chinese hackers are preparing to ‘wreak havoc’ on US critical infrastructure

FBI Director Christopher Wray on Wednesday warned that Chinese hackers are preparing to “wreak havoc and cause real-world harm” to the US.

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray told the House Select Committee on the Chinese Communist Party.

Though cyber officials have long sounded the alarm about China’s offensive cyber capabilities, Wray’s dramatic public warning underlines the huge level of concern at the top of the US government about the threat Chinese hackers pose to critical infrastructure nationwide. The head of the National Security Agency and other senior US officials also testified on Chinese cyber activity in front of the panel Wednesday.

Chinese government-backed hackers, Wray said, are targeting things like water treatment plants, electrical infrastructure and oil and natural gas pipelines.

The authorities were unable to launch the “sovereign RuNet” during the largest failure in history

The Russian “sovereign RuNet,” which has been developed since 2017 at the request of President Vladimir Putin, has not passed the strength test.

During a large-scale failure in zona.ru, which left millions of users in Russia and abroad without access to websites, Roskomnadzor instructed telecom operators to switch to the national domain name system (NDNS). Kommersant was told about this at the Center for Monitoring and Management of the Public Communications Network (TsMU SSOP), a RKN structure that is responsible for the “sovereign Internet” and regularly conducts exercises to launch it (the last one in July 2023).

At the same time, the transition to NDIS, which de facto would have been tantamount to the launch of a separate, closed Internet for Russia, failed. Although the system worked normally, and Russian operators are required to use it under threat of a fine, some of them did not connect to the NSDI either at the beginning of the failure or after a direct order from the authorities, said a representative of the Central Medical Directorate of the SSOP. “Unfortunately, we don’t know what the reason for this is,” he complained.

The RuNet crash, which may have been the largest in its history, left even government officials perplexed. An emergency meeting was held in the Cabinet of Ministers, but the reason for the incident could not yet be established, Baza reports citing sources . They decided to involve the Federal Security Service (FSB) in the investigation, from which preliminary results are expected by February 2.

The reason for the failure of the RuNet was an error during updates of the Domain Name System Security Extension (DNSSEC) key, the Coordination Center of Domains.ru i.rf reported , adding that “the main reason for the failure was the imperfection of the software used to create encryption keys.”

Experts, however, believe that software has nothing to do with it. “The software that does this (there are several different software, all open source [that is, they are developed jointly and publicly]) is accompanied by instructions and recommendations,” says Alexander Isavnin, coordinator of the Roskomsvoboda project for international cooperation, adding that in the Coordination Center these instructions were violated. The founder of Roskomsvoboda, Stanislav Shakirov, agrees with him: “DNSSEC is a technology that is being developed by the entire Internet, and the developers are not to blame. National technical centers that service the domain zone are always to blame for such failures.”

The Ministry of Digital Development explained the failure as a “technical problem related to the global DNSSEC infrastructure.” DNSSEC is a set of extensions for protecting data when working with DNS. And DNS itself is a system for converting human-readable alphabetic domain names into IP addresses. “[It’s] something like an address book that links common domain addresses (URLs) like kremlin.ru into machine-readable IP addresses like 95.173.136.70,” explains the Network Freedoms project.

At the same time, Network Freedom experts believe that the cause of the failure could have been an experiment to test the operation of the RuNet in isolation. “Russian authorities have long warned that they will try to transfer all users in the country to a national DNS server. This is probably what is happening now with a lot of sites in zone.ru,” the project explains.

Via Moscow Times: https://www.moscowtimes.ru/2024/01/31/vlasti-nesmogli-zapustit-suverennii-runet-vovremya-krupneishego-vistorii-sboya-a120189

The administrator of the .ru (sovereign RuNet) zone explained the failure on January 30 by the “imperfection” of the software

The Coordination Center (CC) .RU/.РФ, which is the administrator of the corresponding top-level domains, admitted that sites in the .ru zone were unavailable yesterday, January 30, in the evening due to a failure during DNSSEC key updates. At the same time, the main reason for the failure in the CC was called “imperfection of the software used to create encryption keys.”

DNS is a protocol that allows you to match website domains with the IP addresses of the servers that host the sites. DNSSEC is a cryptographic protocol extension that allows responses to queries to be verified. During the incident, DNSSEC worked “as intended: the operation of DNS servers that did not confirm the authenticity of their response was promptly blocked,” according to a statement on the CC website . At the same time, the center believes that the solution “requires improvement over time” and in the future should correct detected operational errors.

The failure in the .ru zone was complicated by the fact that “a significant part of Russian providers were actually not connected to the national domain name system (NDNS).” We are talking about an alternative DNS infrastructure provided for by the law on the “sovereign RuNet”: Russian operators are required to use it under threat of a fine under Part 1 of Art. 13.44 Code of Administrative Offenses of the Russian Federation. The CC clarified to Kommersant that the TsMU SSOP GRChTs (the Roskomnadzor structure responsible for the operation of NSDI) during the failure instructed operators to switch to the national system, which then worked normally, but individual operators did not switch to it either at the beginning of the failure or after the mailing instructions: “Unfortunately, we don’t know what the reason for this is.”

Problems with access to sites on the .ru domain in Russia led to disruptions in the operation of banking mobile applications, media services and marketplace order pick-up points. Sites in the .ru zone were not opened outside the Russian Federation. A Kommersant source in the telecom industry noted that Roskomnadzor does not have direct access to the global infrastructure and could hardly cause a failure.

Via Kommersant: https://www.kommersant.ru/doc/6480201

Thank you for reading Unmasking Russia. This post is public so feel free to share it.