- Ukrainian President, Volodymyr Zelensky, stated during an interview on 11 May 2023 that more time is required for the Ukrainian Armed Forces (UAF) to prepare for the anticipated counter offensive. President Zelensky attributed this to still waiting for batches of armoured vehicles to arrive from allies.
- Geo-located footage from the southern outskirts of Bakhmut purports to show Russian Federation Armed Forces (RFAF) withdrawing and fleeing their positions as UAF conduct counter attacks led by a T-72 tank, during an operation between 8 – 10 May 2023. Other instances of RFAF and Wagner ceding ground both within and on the outskirts of Bakhmut have also occurred during this reporting period. Wagner owner, Yevgeny Prigozhin, has publicly and angrily acknowledged these losses and attributed them to the lack of support for Wagner mercenaries, and poor training of RFAF units supporting Wagner on the flanks.
Reporting by British news outlets with geo-located footage of RFAF on the outskirts of Bakhmut, fleeing their positions as a result of a UAF counterattack. Source: www.telegraph.co.uk
- Although President Zelensky did state that the UAF would be successful if a counter offensive was initiated now, his desire to wait to avoid unnecessary loss of life (which he felt would be increased without the full suite of gifted hardware) highly likely indicates that he wishes to promote the perception that he does not believe Russia to pose a substantial offensive threat currently. His stated intent is to give the UAF the best possible chance to fully prepare and conduct the counter offensive at a time of its choosing. It is possible that this interview and the discussion of waiting on what was promised is to apply pressure to Ukraine’s allies to speed up the delivery, yet also possibly masks other preparations such as training of personnel and waiting for the conditions on the ground to change to improve mobility.
- It is likely that the success of the local UAF counter attacks in and around Bakhmut is due to the lack of Russian command and control amongst the different units operating in support of Wagner, with Prigozhin possessing a significant audience to vent either accurately or inaccurately the failings of supporting units. Either way, it is likely hugely embarrassing for the Russian effort, given it was possible that Wagner and RFAF intended to complete the offensive to take Bakhmut ahead of the 9 May 2023 Victory Day celebrations. The initial stages of the UAF counter offensive will highly likely emulate tactics which have been seen recently in Bakhmut, exploiting the lack of command and control between RFAF units. Comparatively, the UAF has clearly demonstrated its ability to seize opportunity and react effectively. This will highly likely be required as UAF conduct reconnaissance in force of the RFAF defensive line along the Forward Line of Enemy Troops (FLET) in its entirety. Whilst Zelensky has stated the counter offensive has not yet begun, it is highly likely that it will be localised and conditions based, rather than a clear demarcation of a date or a decision point.
Operational / Strategic Military
- The UK announced on 11 May 2023 that it has provided Ukraine with Storm Shadow Cruise missiles, reportedly in response to the Russian targeting of Ukrainian Critical National Infrastructure.
- A Russian malware implant tool which has been operational for approximately two decades has been dismantled by co-ordinated efforts by the FIVE EYES community (US, UK, Australia, New Zealand, and Canada). Known as Snake, it had been an essential espionage tool for Centre 16, a cyber espionage element within the Russian Federal Security Service (FSB). During its operation, the tool collected sensitive information against Governments, industry, journalists, or any other target deemed of interest to the FSB.
With U.S. & international partners, we released a joint cybersecurity advisory on Snake malware, which is considered the most sophisticated cyber espionage tool designed and used by #Russia’s Federal Security Service. Here’s how to protect your networks: https://t.co/ppKUoJRQp0
— Cybersecurity and Infrastructure Security Agency (@CISAgov) May 9, 2023
The US Cybersecurity and Infrastructure Security Agency has published a Joint Advisory on the technical details of the Russian malware tool, Snake, so that organisations can better protect network infrastructure. Source: @CISAgov
- The Storm Shadow long-range cruise missile has stealth capabilities, a range of up to 250km, and a payload of 450kg. This is the longest-range missile that Ukraine has been gifted so far in the conflict and will almost certainly be used against High Value Targets (HVTs) in depth to support shaping activity for the counter offensive. Whilst exact numbers have not been released, it is likely that their use will be highly selective, and given the large payload, they will likely have the largest effect in the south, such as Crimea, which is in range (including a standoff from the FLET). Assessment of Russian defensive positions by Open-Source Intelligence (OSINT) imagery analysts continues to show significant defensive engineering preparation, including the use of underground bunkers within Crimea since the beginning of 2023. It is likely here where shaping activity will be required the most to attrit established Russian defensive lines and logistic nodes ahead of ground forces. Similarly, the Black Sea Fleet in Sevastopol will highly likely be considered an HVT, which is especially notable given its firing of cruise missiles against civilian and CNI targets within Ukraine in recent months. However, it is also likely that Ground Lines of Communication (GLOCs) from Russia which facilitate logistic supply of lethal aid and their corresponding storage facilities will also be a target. Regardless of the target, Storm Shadow will almost certainly require Russian military planners to reassess and mitigate against the increased threat it poses.
- The publication of this cyber Joint Advisory will almost certainly have catastrophic consequences for the ability of Russian cyber espionage elements to gain access and accumulate information against strategic targets. Previous attacks on Critical National Infrastructure (CNI) and access to sensitive Government information across the world have been attributed to Snake, and in most cases organisations, particularly in the commercial or CNI sector, are unlikely to have been aware of the implant until there has been a serious breach or loss of data. For this reason, it is unlikely that the effect of the joint advisory will be immediate; however, it is likely critical that organisations which consider themselves a potential target of Russian espionage refer to the technical data published by the US Cybersecurity and Infrastructure Security Agency (CISA) to implement the mitigation advice. It should also be noted that Russian Intelligence Services have cyber capability across all departments, and therefore other malware will almost certainly still be in operation.
- Since February 2022, there has been an overall increase in Russian hacking, both state-sponsored and affiliated, including overt and discreet collection of information and ransomware attacks. However, Snake utilises networks globally, facilitating access through Peer-to-Peer methodology, preferring to remain undetected and implanting into the infrastructure of networks to target further networks of strategic or intelligence interest. Other Snake tactics, tools and procedures have included the falsification of login pages, emailed to employees within target organisations to obtain login credentials, which was seen in late 2022 against three US nuclear laboratories.
- The Russian Victory Day Parade took place in Moscow on 9 May 2023, a muted affair compared with previous years. Notably, only 8,000 RFAF ceremonial personnel took part, as did a single T-34 tank. Russian state media, TASS, stated the scaled-back event had been due to security concerns; however, it was still attended by President Putin and Belarusian President Alexander Lukashenko. President Putin’s speech made references to defeating Nazism in Ukraine and drew comparisons to the defeat of Nazism during the Second World War.
The only Russian tank present at today’s Victory Day parade in Moscow was a single T-34.
— OSINTtechnical (@Osinttechnical) May 9, 2023
The single T-34 tank at the Victory Day Parade in Moscow, 9 May 2023, has incited both ridicule and dismay at the scale of Russian losses since February 2022. Source: @Osinttechnical
- During the last reporting period, an unmanned aerial vehicle (UAV) exploded above the Kremlin, causing no damage. While the aim, the perpetrator, or the likelihood of it being a false flag attack cannot be verified, it is likely that this event played into the narrative to remove the requirement to provide the full-scale parade typically seen. Security concerns within Russia’s borders likely permit the state to act as it sees fit and to perpetuate the narrative that Russia is facing an existential threat. However, speculation amongst mil-bloggers and news outlets attributed the scaled-back parade and notable single T-34 tank to an unwillingness of the Kremlin to acknowledge the losses sustained, particularly to tanks since the invasion of Ukraine. However, the T-34 is a symbolic vehicle for the Soviet Red Army’s defeat of the Nazis. It is highly likely that the Kremlin’s justification to exclude other tanks as typically seen was to invoke the comparison that had been drawn in President Putin’s speech regarding Nazism in Ukraine and previously Germany. However, there had been no differentiation drawn between the war in Europe and the Special Military Operation in Ukraine. Although there continues to be no admission by the Kremlin of the Special Military Operation being a war, the conveying of current sacrifice and sentimentality for the past is still prevalent.
It is likely that Russia will continue to focus its main effort on current operations on Bakhmut in the short term as it seeks to culminate its offensive ahead of the anticipated UAF counter offensive. As a result, it will likely continue to use untrained forces in the human waves continually seen in the battle of attrition in Bakhmut. Whilst Russia has managed to occupy all but one district of Bakhmut, the reported ceding of ground to UAF counter attacks shows it is likely exhausted and incoherent at all levels. It is likely though that Russia perceives the UAF counter offensive to start at a specific date and time, rather than rapidly responding to gaps in its defence, and has not used this time to rectify insufficiency in its command and control of ground forces. This emulates the previous UAF counter offensive in 2022 which saw UAF reoccupy large swathes of territory, through exploitation of lack of RFAF preparedness. Although the RFAF have been establishing defensive lines, it is likely that even a stalemate will be considered sufficient for Russia. Yet, as President Zelensky alluded to regarding being prepared for a counter offensive, appropriate equipment is important for the survival of his forces, yet it is also important for the breaching of defences which require bridging, de-mining, and armoured vehicles; combined with long-range missile capability for shaping targeted areas. It is likely that the UAF is delicately trying to balance preparedness and responsiveness towards a successful counter offensive, yet in the meantime very capably keeping Russia fixed in Bakhmut and the surrounding areas, slowly attriting forces and morale.