Vulkan’s leaked internal documents reveal cyberwar plans

April 5, 2023

Internal documents from NTC Vulkan, a Russian cybersecurity contractor, have been leaked by a whistleblower. The “Vulkan Files” reveal that the contractor’s engineers work directly for Russian military and intelligence outfits, training state-backed hackers, running disinformation campaigns, and providing support for cyberattacks.

The Vulkan Files indicate that the contractor has particularly close ties with a GRU-affiliated advanced persistent threat group called Sandworm, which is responsible for attacks on the Ukraine power grid, distribution of the NotPetya malware in 2017, and an attempt to disrupt the 2018 Winter Olympics opening ceremony.

The company is developing cyber attack tools for Sandworm, including a scanner called “Scan-V” meant to continually prowl the internet for vulnerabilities and log them for later use.

Another system called Crystal-2V trains hackers in the methods used to attack critical infrastructure and transportation systems. The documents connected with the Amezit system appear to show servers of interest throughout the United States, along with scattered other locations throughout the world (such as a nuclear power plant in Switzerland). Taken together, the documents indicate that the Russian cyberwar program treats social media manipulation and the hacking of foreign critical infrastructure as a single, intertwined mission.

Despite encompassing some 5,000 pages, the Vulkan Files are short on information in certain areas, such as the malware that the government uses, specific targets that it is eyeing in the near future, or “smoking gun” evidence linking Russian APT groups to specific cyberattacks. The documentation is more of a general overview of the Russian cyberwar efforts and what the country’s broad intentions are.

The leaked documents reveal that NTC Vulkan engineers work directly for Russian military and intelligence agencies, training state-backed hackers, running disinformation campaigns, and providing support for cyberattacks. The company purportedly does most of its business with major private companies in Russia but is essentially an extension of the government, according to the Vulkan Files.

The sources for this piece include an article in CPO Magazine.

Jim Love

Jim is an author and podcast host with over 40 years in technology.