Ukraine Live Day 687: Ukraine Claims Number Of Low-Intensity Attacks Has Doubled Over 24 Hours

January 5, 2016

The Ukrainian military claims that the number of attacks seen over the last 24 hours has almost doubled, however Kiev reports no artillery use. Meanwhile separatists in Donetsk claim that Ukrainian forces have used mortars in attacks.

Yesterday’s live coverage of the Ukraine conflict can be found here.

Please help The Interpreter to continue providing this valuable information service by making a donation towards our costs.

For links to individual updates click on the timestamps.

For the latest summary of evidence surrounding the shooting down of flight MH17 see our separate article: How We Know Russia Shot Down MH17.

Experts Identify Malware That Caused Ivano-Frankivsk Blackout Last Month

Ars Technica reports that both a US internet security company and a Slovakian antivirus provider have confirmed that a malware infection was responsible for a power outage in Ukraine’s Ivano-Frankivsk region on December 23.

The Prikarpattya Oblenergo company, which is responsible for power in Ivano-Frankivsk, first reported that a virus had been the cause of the blackout on December 24. Yesterday the Ukrainian Security Service (SBU) announced it was investigating the incident and accused Russia of conducting a cyber attack.

According to the Ars Technica article, the US iSIGHT Partners firm has obtained and studied samples of the malware found on the computers of “at least three regional operators.”

They said the malware led to “destructive events” that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.

“It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout,” John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars. “It’s the major scenario we’ve all been concerned about for so long.”

Slovakian antivirus firm ESET confirmed that several Ukrainian power companies had been infected by a package called ‘BlackEnergy,’ a malware system associated with a group referred to by iSIGHT as the ‘Sandworm gang’ whose targets certainly suggest Russian involvement.

In 2014, the group behind BlackEnergy, which iSIGHT has dubbed the Sandworm gang, targeted the North Atlantic Treaty Organization, Ukrainian and Polish government agencies, and a variety of sensitive European industries. iSIGHT researchers say the Sandworm gang has ties to Russia, although readers are cautioned on attributing hacking attacks to specific groups or governments.

According to ESET, the Ukrainian power authorities were infected using booby-trapped macro functions embedded in Microsoft Office documents. If true, it’s distressing that industrial control systems used to supply power to millions of people could be infected using such a simple social-engineering ploy. It’s also concerning that malware is now being used to create power failures that can have life-and-death consequences for large numbers of people.

In October, 2014, ESET’s Anton Cherepanov and Robert Lipovsky gave a presentation on the use of BlackEnergy during attacks that year in Ukraine and Poland:

On Sunday, Cherepanov wrote that BlackEnergy was modified last year to include a new KillDisk component that could damage data stored on target machines and render systems unbootable.

The package also contains a process designed to target and disable industrial control systems:

The second process name may belong to software called ASEM Ubiquity, a software platform that is often used in Industrial control systems (ICS), or to ELTIMA Serial to Ethernet Connector. In case the process is found, the malware does not just terminate it, but also overwrites the executable file with random data.

— Pierre Vaux

Ukrainians’ Satisfaction With Life Hits All Time Low

RFE/RL reports that, according to a new Gallup poll, Ukrainians were less satisfied with their lives in 2015 than in any other year covered by the poll:

Gallup said the poor outlook is likely related to Ukrainians’ growing dissatisfaction with their living standards in the conflict-torn country.

Over the last year, the percentage of Ukrainians who report being satisfied with their living standards has dropped from 27 percent to 17 percent, Gallup said.

The percentage of Ukrainians who view the country’s economic situation as “poor” jumped from 62 percent in 2014 to 79 percent in 2015.

Read more on RFE/RL’s liveblog.

James Miller

Ukraine Claims Number Of Low-Intensity Attacks Has Doubled Over 24 Hours

The Ukrainian military reported this morning that the number of attacks over the previous 24 hours represented a near doubling on the previous day, with 20 ceasefire violations reported compared to 11 yesterday.

According to the ATO Press Centre, the majority of attacks took place near Donetsk and Gorlovka, with the most intense fighting seen between 18:00 and midnight near the ruins of Donetsk Airport. To the west of the airport, seven “chaotic” heavy machine gun attacks were reported, with small-arms fire reported on Opytnoye to the north.

Colonel Oleksandr Motuzyanyk, a military spokesman for the Presidential Administration, reported later today that rocket launchers had also been used near Opytnoye, and that Ukrainian troops near Marinka, southwest of Donetsk, had been attacked: 

In the Gorlovka area, Russian-backed fighters reportedly fired on Luganskoye with heavy machine guns and Zaytsevo with small arms and grenade launchers.

After midnight the military reported three attacks. An SPG recoilless rifle was used in an attack on Ukrainian troops outside Zaytsevo, north of Gorlovka, while small arms were used near Novgorodskoye, to the west of the separatist-held town. On the western fringes of the Lugansk region, a Ukrainian defensive position several kilometres south of Troitskoye came under heavy machine gun fire.

Motuzyanyk reported no military casualties, but did claim that both a Russian drone and reconnaissance jet had been detected flying along the frontier with occupied Crimea:

Meanwhile, the ‘defence ministry’ of the self-declared Donetsk People’s Republic (DNR) claimed this afternoon that Ukrianian forces had violated the ceasefire seven times over the past 24 hours.

According to the DNR, Ukrainian troops, using 82 mm mortars, infantry fighting vehicles, grenade launchers, and anti-aircraft artillery, shelled the Spartak and Zhabunki suburbs of northern Donetsk, as well as Zhelyoznaya Balka outside Gorlovka.

— Pierre Vaux