Vulkan’s leaked internal documents reveal cyberwar plans

Internal documents from NTC Vulkan, a Russian cybersecurity contractor, have been leaked by a whistleblower. The “Vulkan Files” reveal that the contractor’s engineers work directly for Russian military and intelligence outfits, training state-backed hackers, running disinformation campaigns, and providing support for cyberattacks.

The Vulkan Files indicate that the contractor has particularly close ties with a GRU-affiliated advanced persistent threat group called Sandworm, responsible for attacks on the Ukraine power grid, distribution of the NotPetya malware in 2017, and an attempt to disrupt the 2018 Winter Olympics opening ceremony.

The company is developing cyber attack tools for Sandworm, including a scanner called “Scan-V” meant to continually prowl the internet for vulnerabilities and log them for later use.

Another system called Crystal-2V trains hackers in the methods used to attack critical infrastructure and transportation systems. The documents connected with the Amezit system appear to show servers of interest throughout the United States, along with scattered other locations throughout the world (such as a nuclear power plant in Switzerland). The combination of documents indicates that the Russian cyberwar program sees both social media manipulation and hacking of foreign critical infrastructure as an intertwined mission.

Despite encompassing some 5,000 pages, the Vulkan Files are short on information in certain areas, such as the malware that the government uses, specific targets that it is eyeing in the near future, or “smoking gun” evidence linking Russian APT groups to specific cyberattacks. The documentation is more of a general overview of the Russian cyberwar efforts and what the country’s broad intentions are.

The leaked documents reveal that NTC Vulkan engineers work directly for Russian military and intelligence agencies, training state-backed hackers, running disinformation campaigns, and providing support for cyberattacks. The company purportedly does most of its business with major private companies in Russia but is essentially an extension of the government, according to the Vulkan Files.

The sources for this piece include an article in CPOMAGAZINE.
