AIR-DEFENSE.NET

Russia-Ukraine War 2022+: Military Operations



5 hours ago, Manuel77 said:

> OK, probably. But what exactly is their problem?
>
> Let's say that for a year now Ukraine has still had many radar systems but few missiles. According to ChatGPT, the Sentry can detect low-flying aircraft only at a maximum distance of 400 km. So the Ukrainians are on their own as far as Kiev.
>
> When will the Russians launch a Wild Weasel-type campaign with Kh-31s and low-altitude flights to get rid of the radar systems? As for targets deep inside Ukraine, I still think the Russians could cut off the electricity if they had air supremacy. The war would be won.

Few missiles? Relative to the start of the war, maybe (everything SA11/SA17 and S300 must have dropped to rock-bottom levels), but they have been supplied with Patriots (even if that is starting to run short on that side too), Hawk, Aspide, Crotales, NASAMs, IRIS-T, SAMP/T, not to mention modernized older systems (SA3M), the FrankenSAMs (Supacat Archer and Buk Sparrow), or plain backyard lash-ups (AA-R-73 on a trailer), and the piles of SHORAD supplied (Grom, Stinger, plus the stock of SA7/14/24 already in service).

Very diverse, not very coherent, but as a result rather dense in systems (I'm leaving out the slew of AAA guns that adds yet another layer) of different ranges, with different radar signatures (that is a real pain in SEAD, especially the modernized older systems, because the "old" radars have often been dropped from the threat libraries) and covering every approach layer.

All of it probably fed by Western intelligence, which gives a comfortable early-warning margin.

Russian aircraft in flight still carry a Kh-58 for opportunity shots, but they have neither the doctrine, nor the training, nor probably the desire to risk dedicated SEAD flights, especially in the complex context described above.

SEAD works fairly well if your adversary is pre-blinded (heavy jamming and computer worms in the air-defense network as in Iraq in 91, strikes on the power supplies of the defense network as in Serbia in 99), but only against fixed systems (reminder: SEAD during the Kosovo war destroyed 70-80% of the fixed sites [2 SA2 sites out of 3 and 70% of the 14 SA3 batteries] but only three batteries out of the 22 Serbian mobile SA6 SAMs, even with dedicated aircraft such as EAF18 Growlers and F16CJ, dedicated mission pools and a number of air sorties infinitely better sustained than what the Russians can manage, all against an army that had endured 10 years of embargo and had no external support).

So, do the ratio.....

In the same context, I even doubt that NATO in the Russians' place would do much better nowadays (if only because of the number of systems to deal with and their dispersion);

once again, at the peak of its power NATO destroyed barely a little more than 10% of the Serbian mobile medium-range systems..... that's not much, and it shows the difficulty of SEAD/DEAD missions (it's not magic, contrary to what the post-GW1 exaggeration may have suggested)

Edited by Akhilleus

1 hour ago, metkow said:

> The two hot spots at the moment are the ongoing assaults on Pokrovsk and Kupiansk, and the two others to watch are Siversk and Lyman.

To my mind it's Pokrovsk (and potentially Vovchansk), and the other fronts (Siversk, Lyman, Kupiansk, Kostiantynivka) are secondary. But I suppose it depends on which metrics one considers important.

In my case it's the battles that could create an imbalance and that are winnable by one of the sides.


2 hours ago, gustave said:

> Haven't seen that. A link?

The documents were shared on a huge forum for trading hacked data. First attempt on 7 July, which flopped. A month later they tried again, the reputational attack worked, and they dumped the documentation in the clear on the net without charging anyone anything, Naval Group having refused to give in to the blackmail.

Very surprising for hackers who are used to wanting to make money.

And then, suddenly, right afterwards, the forum in question is seized in a joint operation by the Ukrainian SBU, the French Judicial Police and Europol.

But all of this is pure coincidence, of course. :rolleyes:

https://gbhackers.com/key-operator-of-worlds-largest-xss-dark-web/


To go further, if the field interests you:

https://vulners.com/krebs/KREBS:BAFEAE892A3E0F76A2EE651ECBCFBDDF

Who Got Arrested in the Raid on the XSS Crime Forum?

06 Aug 2025 14:12:37 | Reported by BrianKrebs | Type: krebs | krebsonsecurity.com

Europol arrested a 38-year-old XSS forum administrator Toha, linked to major cybercrime groups.

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle “Toha.” Here’s a deep dive on what’s knowable about Toha, and a short stab at who got nabbed.

An unnamed 38-year-old man was arrested in Kiev last month on suspicion of administering the cybercrime forum XSS. Image: ssu.gov.ua.

Europol did not name the accused, but published partially obscured photos of him from the raid on his residence in Kiev. The police agency said the suspect acted as a trusted third party – arbitrating disputes between criminals – and guaranteeing the security of transactions on XSS. A statement from Ukraine’s SBU security service said XSS counted among its members many cybercriminals from various ransomware groups, including REvil, LockBit, Conti, and Qiliin.

Since the Europol announcement, the XSS forum resurfaced at a new address on the deep web (reachable only via the anonymity network Tor). But from reviewing the recent posts, there appears to be little consensus among longtime members about the identity of the now-detained XSS administrator.

The most frequent comment regarding the arrest was a message of solidarity and support for Toha, the handle chosen by the longtime administrator of XSS and several other major Russian forums. Toha’s accounts on other forums have been silent since the raid.

Europol said the suspect has enjoyed a nearly 20-year career in cybercrime, which roughly lines up with Toha’s history. In 2005, Toha was a founding member of the Russian-speaking forum Hack-All. That is, until it got massively hacked a few months after its debut. In 2006, Toha rebranded the forum to exploit[.]in, which would go on to draw tens of thousands of members, including an eventual Who’s-Who of wanted cybercriminals.

Toha announced in 2018 that he was selling the Exploit forum, prompting rampant speculation on the forums that the buyer was secretly a Russian or Ukrainian government entity or front person. However, those suspicions were unsupported by evidence, and Toha vehemently denied the forum had been given over to authorities.

One of the oldest Russian-language cybercrime forums was DaMaGeLaB, which operated from 2004 to 2017, when its administrator “Ar3s” was arrested. In 2018, a partial backup of the DaMaGeLaB forum was reincarnated as xss[.]is, with Toha as its stated administrator.

CROSS-SITE GRIFTING

Clues about Toha’s early presence on the Internet – from ~2004 to 2010 – are available in the archives of Intel 471, a cyber intelligence firm that tracks forum activity. Intel 471 shows Toha used the same email address across multiple forum accounts, including at Exploit, Antichat, Carder[.]su and inattack[.]ru.

DomainTools.com finds Toha’s email address – toschka2003@yandex.ru – was used to register at least a dozen domain names – most of them from the mid- to late 2000s. Apart from exploit[.]in and a domain called ixyq[.]com, the other domains registered to that email address end in .ua, the top-level domain for Ukraine (e.g. deleted.org[.]ua, lj.com[.]ua, and blogspot.org[.]ua).

A 2008 snapshot of a domain registered to toschka2003@yandex.ru and to Anton Medvedovsky in Kiev. Note the message at the bottom left, “Protected by Exploit,in.” Image: archive.org.

Nearly all of the domains registered to toschka2003@yandex.ru contain the name Anton Medvedovskiy in the registration records, except for the aforementioned ixyq[.]com, which is registered to the name Yuriy Avdeev in Moscow.

This Avdeev surname came up in a lengthy conversation with Lockbitsupp, the leader of the rapacious and destructive ransomware affiliate group Lockbit. The conversation took place in February 2024, when Lockbitsupp asked for help identifying Toha’s real-life identity.

In early 2024, the leader of the Lockbit ransomware group – Lockbitsupp – asked for help investigating the identity of the XSS administrator Toha, which he claimed was a Russian man named Anton Avdeev.

Lockbitsupp didn’t share why he wanted Toha’s details, but he maintained that Toha’s real name was Anton Avdeev. I declined to help Lockbitsupp in whatever revenge he was planning on Toha, but his question made me curious to look deeper.

It appears Lockbitsupp’s query was based on a now-deleted Twitter post from 2022, when a user by the name “3xp0rt” asserted that Toha was a Russian man named Anton Viktorovich Avdeev, born October 27, 1983.

Searching the web for Toha’s email address toschka2003@yandex.ru reveals a 2010 sales thread on the forum bmwclub.ru where a user named Honeypo was selling a 2007 BMW X5. The ad listed the contact person as Anton Avdeev and gave the contact phone number 9588693.

A search on the phone number 9588693 in the breach tracking service Constella Intelligence finds plenty of official Russian government records with this number, date of birth and the name Anton Viktorovich Avdeev. For example, hacked Russian government records show this person has a Russian tax ID and SIN (Social Security number), and that they were flagged for traffic violations on several occasions by Moscow police; in 2004, 2006, 2009, and 2014.

Astute readers may have noticed by now that the ages of Mr. Avdeev (41) and the XSS admin arrested this month (38) are a bit off. This would seem to suggest that the person arrested is someone other than Mr. Avdeev, who did not respond to requests for comment.

A FLY ON THE WALL

For further insight on this question, KrebsOnSecurity sought comments from Sergeii Vovnenko, a former cybercriminal from Ukraine who now works at the security startup paranoidlab.com. I reached out to Vovnenko because for several years beginning around 2010 he was the owner and operator of thesecure[.]biz, an encrypted “Jabber” instant messaging server that Europol said was operated by the suspect arrested in Kiev. Thesecure[.]biz grew quite popular among many of the top Russian-speaking cybercriminals because it scrupulously kept few records of its users’ activity, and its administrator was always a trusted member of the community.

The reason I know this historic tidbit is that in 2013, Vovnenko – using the hacker nicknames “Fly,” and “Flycracker” – hatched a plan to have a gram of heroin purchased off of the Silk Road darknet market and shipped to our home in Northern Virginia. The scheme was to spoof a call from one of our neighbors to the local police, saying this guy Krebs down the street was a druggie who was having narcotics delivered to his home.

I happened to be lurking on Flycracker’s private cybercrime forum when his heroin-framing plan was carried out, and called the police myself before the smack eventually arrived in the U.S. Mail. Vovnenko was later arrested for unrelated cybercrime activities, extradited to the United States, convicted, and deported after a 16-month stay in the U.S. prison system [on several occasions, he has expressed heartfelt apologies for the incident, and we have since buried the hatchet].

Vovnenko said he purchased a device for cloning credit cards from Toha in 2009, and that Toha shipped the item from Russia. Vovnenko explained that he (Flycracker) was the owner and operator of thesecure[.]biz from 2010 until his arrest in 2014.

Vovnenko believes thesecure[.]biz was stolen while he was in jail, either by Toha and/or an XSS administrator who went by the nicknames N0klos and Sonic.

“When I was in jail, [the] admin of xss.is stole that domain, or probably N0klos bought XSS from Toha or vice versa,” Vovnenko said of the Jabber domain. “Nobody from [the forums] spoke with me after my jailtime, so I can only guess what really happened.”

N0klos was the owner and administrator of an early Russian-language cybercrime forum known as Darklife[.]ws. However, N0kl0s also appears to be a lifelong Russian resident, and in any case seems to have vanished from Russian cybercrime forums several years ago.

Asked whether he believes Toha was the XSS administrator who was arrested this month in Ukraine, Vovnenko maintained that Toha is Russian, and that “the French cops took the wrong guy.”

WHO IS TOHA?

So who did the Ukrainian police arrest in response to the investigation by the French authorities? It seems plausible that the BMW ad invoking Toha’s email address and the name and phone number of a Russian citizen was simply misdirection on Toha’s part – intended to confuse and throw off investigators. Perhaps this even explains the Avdeev surname surfacing in the registration records from one of Toha’s domains.

But sometimes the simplest answer is the correct one. “Toha” is a common Slavic nickname for someone with the first name “Anton,” and that matches the name in the registration records for more than a dozen domains tied to Toha’s toschka2003@yandex.ru email address: Anton Medvedovskiy.

Constella Intelligence finds there is an Anton Gannadievich Medvedovskiy living in Kiev who will be 38 years old in December. This individual owns the email address itsmail@i.ua, as well as an Airbnb account featuring a profile photo of a man with roughly the same hairline as the suspect in the blurred photos released by the Ukrainian police. Mr. Medvedovskiy did not respond to a request for comment.

My take on the takedown is that the Ukrainian authorities likely arrested Medvedovskiy. Toha shared on DaMaGeLab in 2005 that he had recently finished the 11th grade and was studying at a university – a time when Medvedovskiy would have been around 18 years old. On Dec. 11, 2006, fellow Exploit members wished Toha a happy birthday. Records exposed in a 2022 hack at the Ukrainian public services portal diia.gov.ua show that Mr. Medvedovskiy’s birthday is Dec. 11, 1987.

The law enforcement action and resulting confusion about the identity of the detained has thrown the Russian cybercrime forum scene into disarray in recent weeks, with lengthy and heated arguments about XSS’s future spooling out across the forums.

XSS relaunched on a new Tor address shortly after the authorities plastered their seizure notice on the forum’s homepage, but all of the trusted moderators from the old forum were dismissed without explanation. Existing members saw their forum account balances drop to zero, and were asked to plunk down a deposit to register at the new forum. The new XSS “admin” said they were in contact with the previous owners and that the changes were to help rebuild security and trust within the community.

However, the new admin’s assurances appear to have done little to assuage the worst fears of the forum’s erstwhile members, most of whom seem to be keeping their distance from the relaunched site for now.

Indeed, if there is one common understanding amid all of these discussions about the seizure of XSS, it is that Ukrainian and French authorities now have several years worth of private messages between XSS forum users, as well as contact rosters and other user data linked to the seized Jabber server.

“The myth of the ‘trusted person’ is shattered,” the user “GordonBellford” cautioned on Aug. 3 in an Exploit forum thread about the XSS admin arrest. “The forum is run by strangers. They got everything. Two years of Jabber server logs. Full backup and forum database.”

GordonBellford continued:

> And the scariest thing is: this data array is not just an archive. It is material for analysis that has ALREADY BEEN DONE. With the help of modern tools, they see everything:
>
> Graphs of your contacts and activity.
> Relationships between nicknames, emails, password hashes and Jabber ID.
> Timestamps, IP addresses and digital fingerprints.
> Your unique writing style, phraseology, punctuation, consistency of grammatical errors, and even typical typos that will link your accounts on different platforms.
>
> They are not looking for a needle in a haystack. They simply sifted the haystack through the AI sieve and got ready-made dossiers.

Edited by Patrick