February 1, 2023 — Flashpoint, the globally trusted leader in risk intelligence, today released a new report on the role of open-source intelligence (OSINT) in the Russia-Ukraine war.
As Russia’s full-scale invasion of Ukraine approaches the one-year mark, Flashpoint has released its report of ten real-life examples detailing how OSINT has helped organisations across the public and private sectors understand a hybrid war that spans cyber, physical, and informational domains.
“It has become a near imperative for just about every organisation in the world, from governments to enterprises, to be able to acknowledge and calculate their risk profiles in relation to the war,” said Andras Toth-Czifra, Senior Intelligence Analyst at Flashpoint. “And because we will likely still see changes in how this war is fought—by what means and at which targets—the importance of obtaining accurate, timely, and actionable intelligence remains essential.”
For over a decade, Flashpoint has been a critical partner to security and intelligence teams worldwide. Every day, organisations in the public and private sectors leverage Flashpoint’s intelligence to identify risks and stop threats for cyber threat intelligence (CTI), vulnerability management, fraud, and physical security teams. Governments and commercial organisations use Flashpoint intelligence to gain on-the-ground situational awareness, build risk assessments, prevent disruption, and implement counterterrorism and crisis response efforts, among other vital applications. Flashpoint’s intelligence is derived from publicly available information, chat services, social media and message platforms, foreign-language forums, criminal marketplaces, paste sites, and illicit communities across the internet, among other valuable sources.
This report, written by members of Flashpoint’s Intelligence Team, whose collective expertise encompasses everything from Russian-language cybercrime to the politics and culture of Russia and eastern Europe, provides a deeper understanding of the critical role OSINT plays in the ongoing war.
Notable examples in the report are:
- Recruitment on the frontlines: Where the convergence of cyber and physical intelligence identifies how internet-driven communication and funding influence and enable kinetic movement and warfare.
- Cryptocurrency and illicit financing: The intel, which triangulates blockchain and threat intelligence, provides insight into on-the-ground operations of mercenary groups and private military companies involved in the war, including troop movement, communication and transaction methods, and arms, supply, and infrastructure needs.
- Destructive malware wipers: This intelligence allows visibility over the tools deployed over Ukrainian and Western networks, as well as the risk of wipers being used against critical infrastructure systems in countries allied to Ukraine.
- Killnet: Russia’s favourite DDoS hacktivist collective has conducted distributed denial-of-service attacks on entities it deems to be supportive of Ukraine. Despite Killnet’s loud claims of being an ideologically motivated collective, the group still accepts commercial orders. All of those mentions of Killnet in the world’s top publications have likely brought new DDoS customers to the table.
- Battle for the Russian-Language darknet. One of the ongoing processes that Russia’s February invasion has accelerated is the fragmentation of the Russian-speaking cyber underground. This includes a rivalry that emerged over the summer between two leading competitors, RuTor/OMGOMG and WayAWay/Kraken.
- Documenting violence: For the duration of the war, eyewitnesses, military bloggers, correspondents, soldiers, and mercenaries alike have shared both textual information and visual media on Telegram and other platforms. These have been used as material for open-source investigations of the placement, activities, and identities of invading troops, as well as the atrocities committed by them. In future court proceedings on war crimes, this data could be crucial evidence.
- War bloggers and policy: Since the beginning of Russia’s invasion of Ukraine, a wide range of popular, pro-Kremlin channels have emerged on Telegram, they have come to shape the domestic image of the war. They are run by war correspondents of state-backed media, military bloggers, and mercenary groups, as well as domestic politicians and propagandists. While the narratives promoted by them have often aligned with the Kremlin’s preferred narratives, at times they have been markedly critical of Russia’s leaders.
- Iranian unmanned aerial vehicles (UAVs) bring strength to Russian military: The vast number of images and footage related to Iranian UAVs in use in Ukraine enabled Flashpoint users to: monitor the types of UAVs in use by Russian forces; gain a clearer picture as to how these UAVs fit into Russia’s war strategy; and understand how Ukrainian forces are confronting the threat.
- Mobilisation protests in Russia: Russian President Vladimir Putin’s decree announcing a “partial” mobilisation in Russia caused an immediate response. In the following days, hundreds of thousands of Russian citizens fled abroad as draft protests started in several regions. Flashpoint observed a growing number of chatter and advertisements on Russian-language illicit communities and social media platforms, offering methods or access to avoid the draft. Furthermore, monitoring events like this helps to understand the domestic reaction of Russian society to the ongoing war and the potential impact on an internal coup in Russia.
- Disinformation, conspiracy theories, and justification narratives: Disinformation narratives are very closely woven into the events of this war, lasting from Russia’s annexation of Crimea in 2014 to today’s ongoing invasion of Ukraine. These narratives have the power to shape political and kinetic decision-making; they are also an effective tool for psychological influence.
The full report can be found here.
About Flashpoint
Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organisations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), vulnerability management, and vendor risk management teams—rely on the Flashpoint Intelligence Platform, comprising open source (OSINT) and closed intelligence, to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Learn more at www.flashpoint.io.