Full Report
We will publish additional calls, with subtitles, in the following days.

- Call at 07:55:22 on 24 January 2015. “Gorets” gives first command to fire at will.
- Call at 10:36:40 on 24 January 2015. Artillery Direction Officer “Pepel”
- Call at 14:12:12 on 24 January 2015. General Yaroschuk instructs suspension of shelling due to OSCE commission arrival […]

The post Audio Collection – Shelling of Mariupol, January 2015 appeared first on bellingcat.
Analysis Summary
This document summarizes an **investigative report concerning military communications** related to the shelling of Mariupol, not a typical cybersecurity incident involving network intrusions or data breaches in a corporate IT environment. The standard Incident Response categories (Attack Vectors, IOCs, Data Exfiltration, etc.) are therefore adapted to reflect the nature of the findings (a geopolitical/military investigation based on audio evidence).
# Incident Report: Communications Analysis of Mariupol Shelling (January 2015)
## Executive Summary
This analysis is based on a collection of audio recordings published by Bellingcat detailing communications surrounding the shelling of Mariupol, Ukraine, on January 24, 2015. The evidence tracks the initiation of artillery fire, subsequent command decisions, and attempts to conceal military assets from international observers (OSCE).
## Incident Details
- Discovery Date: May 10, 2018 (Date of Bellingcat publication/analysis)
- Incident Date: January 24, 2015
- Affected Organization: None (Incident pertains to military operations/civilian infrastructure damage)
- Sector: Military/Conflict Zone Intelligence
- Geography: Mariupol, Ukraine
## Timeline of Events
### Initial Access (Receiving Orders/Initiating Fire)
- Date/Time: January 24, 2015, 07:55:22
- Vector: Command execution via communication channel.
- Details: A figure identified as "Gorets" issued the first command to fire at will.
### Command Activities & Evasion
- Date/Time: January 24, 2015, 10:36:40
- Details: Artillery Direction Officer "Pepel" made an admission (details provided in separate audio).
- Date/Time: January 24, 2015, 14:12:12
- Details: General Yaroschuk instructed forces to suspend shelling due to the impending arrival of the OSCE commission.
- Date/Time: January 24, 2015, 14:36:45
- Details: Instructions were given to battery commanders to disguise launch units from the OSCE monitoring team.
### Documentation/Further Intelligence Confirmation
- Date/Time: February 02, 2015, 20:46:12
- Details: "Gorets" explained to a subordinate that Russian officers operate across the border without documentation or license plates, suggesting foreign military involvement.
## Attack Methodology (Adapted to Investigative Findings)
- Initial Access: Direct command (verbal order) initiated military action.
- Persistence: Continuous military operation throughout the day, paused briefly for observation evasion.
- Privilege Escalation: Not applicable (Military chain of command).
- Defense Evasion: Active measures taken to hide military assets (launch units) from the OSCE.
- Credential Access: Not applicable.
- Discovery: Intelligence gathering through monitoring and recovery of intercepted/leaked communications (audio recordings).
- Lateral Movement: Not applicable (Relates to command structure movement).
- Collection: Audio recordings captured command instructions and operational details.
- Exfiltration: Not applicable (This report is the act of information disclosure).
- Impact: Direct shelling of civilian area, followed by attempted concealment of origins.
## Impact Assessment
- Financial: Not disclosed/not applicable (Focus is on conflict accountability).
- Data Breach: N/A (No IT systems breached; evidence is intercepted communications).
- Operational: Significant civilian destruction and casualties resulting from the shelling event.
- Reputational: Findings implicate specific military actors/states in the violation of established ceasefires/agreements.
## Indicators of Compromise (Adapted to Locational/Material Indicators)
- Network indicators: N/A (Communication channels were monitored, not breached).
- File indicators: Audio files detailing specific events and commands (e.g., the `.mp4` recordings).
- Behavioral indicators: Specific verbal indicators such as "Gorets" giving fire commands, and discussions regarding border crossings by Russian personnel without official identification.
## Response Actions (Investigative & Political Context)
- Containment measures: The shelling was temporarily suspended following the arrival of the OSCE commission.
- Eradication steps: Not applicable to this investigative summary.
- Recovery actions: The primary response was Bellingcat's publication of the assembled evidence for accountability purposes.
## Lessons Learned
- Key takeaways: Command structure and real-time operational directives were captured via electronic communications on the day of the shelling.
- What could have been done better: Military actors could have adhered to agreements to avoid international scrutiny (e.g., not operating without proper identification or attempting to mask assets).
## Recommendations (For Future Investigations/Accountability)
- Prevention measures for similar incidents: Enhanced monitoring and transparency requirements for international observer missions (like the OSCE) operating in conflict zones to verify compliance signals (e.g., artillery ceasefires) immediately.