What Vulkan’s secret files reveal – How its work is connected to Putin
Leaked ‘Vulkan files’ reveal Putin’s global and domestic cyber warfare tactics, the Guardian reports.
An inconspicuous office is located in the northeastern suburbs of Moscow. A sign reads: “Business Center.” Nearby are modern housing blocks and a busy old cemetery, where there are ivy-covered war memorials. The area is where Peter the Great once trained his mighty army.
Inside the six-story building, a new generation is helping Russian military operations. Its weapons are more advanced than those of the time of Peter the Great: not pikes and halberds, but cyberattack and disinformation tools.
The software engineers behind these systems are employees of NTC Vulkan. On the surface, it looks like an unusual cyber consulting firm. However, a leak of secret files from the company revealed its work boosting Vladimir Putin’s cyberwarfare capabilities.
Thousands of pages of secret documents reveal how Vulkan engineers worked for Russian military and intelligence agencies to support hacking operations, train agents ahead of attacks on national infrastructure, spread disinformation and control parts of the Internet.
The company’s work is linked to the Federal Security Service, or FSB, the domestic spy agency; the operational and intelligence departments of the armed forces, known as the GOU and GRU; and the SVR, Russia’s foreign intelligence agency.
A document links a Vulkan cyberattack tool to the infamous Sandworm hacking group, which the US government has twice cited as causing a blackout in Ukraine, disrupting the Olympics in South Korea and releasing NotPetya, the most economically devastating malware in history. Codenamed Scan-V, the tool searches the web for vulnerabilities, which are then stored for use in future cyber attacks.
Another system, known as Amezit, is a plan to monitor and control the internet in Russian-controlled areas and also enables disinformation through fake social media profiles. A third system built by Vulkan – Crystal-2V – is a training program for cyber-operators in the methods needed to take down rail, air and sea infrastructure. A file explaining the software states: “The privacy level of information processed and stored in the product is ‘Top Secret.’”
The Vulkan files, which date from 2016 to 2021, were leaked by an anonymous whistleblower who was angered by Russia’s war in Ukraine. Such leaks from Moscow are extremely rare. Days after the invasion in February last year, the source approached German newspaper Süddeutsche Zeitung and said the GRU and FSB were “hiding behind” Vulkan.
“People need to know the dangers of this,” the whistleblower said. “Due to the events in Ukraine, I decided to make this information public. The company is doing bad things and the Russian government is cowardly and wrong. I am angry about the invasion of Ukraine and the terrible things that are happening there. I hope you can use this information to show what goes on behind closed doors.”
The source later shared the data and more information with Munich-based investigative startup Paper Trail Media. For several months, journalists working for 11 media outlets, including the Guardian, Washington Post and Le Monde, have been investigating the files in a consortium led by Paper Trail Media and Der Spiegel.
Five Western intelligence agencies have confirmed that the Vulkan files appear to be authentic. The company and the Kremlin did not respond to multiple requests for comment.
The leak contains emails, internal documents, project plans, budgets and contracts. They offer insights into the Kremlin’s sweeping cyber efforts as it pursues a brutal war against Ukraine. It is not known whether the tools made by Vulkan have been used to attack any company, in Ukraine or elsewhere.
But Russian hackers are known to have repeatedly targeted Ukrainian computer networks, in a campaign that is ongoing. Since last year’s invasion, Moscow’s missiles have pounded Kiev and other cities, destroying critical infrastructure and leaving the country in darkness.
Analysts say Russia is also engaged in an ongoing conflict with what it perceives as its enemy, the West, including the US, UK, EU, Canada, Australia and New Zealand, which have developed their own sophisticated cyberattack capabilities in a digital arms race.
Some of the leaked documents contain illustrative examples of potential targets. One contains a map showing dots in the US. Another contains the details of a nuclear power plant in Switzerland.
A document shows engineers recommending Russia add to its capabilities using hacking tools stolen in 2016 from the US National Security Agency and posted online.
John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant, which reviewed the material at the consortium’s request, said: “These documents suggest that Russia sees attacks on critical civilian infrastructure and manipulation of social media as part of the same mission, which is essentially an attack on the enemy’s will to fight.”
What is Vulkan?
The company is part of Russia’s military-industrial complex. This underground world includes spy agencies, commercial companies and institutions of higher learning. Specialists such as programmers and engineers move from one industry to another. Secret state actors rely heavily on private sector expertise.
Vulkan was launched at a time when Russia was rapidly expanding its cyber capabilities. Traditionally, the FSB has been at the forefront of cyber affairs. In 2012, Putin appointed the ambitious and energetic Sergei Shoigu as defense minister. Shoigu – who is in charge of Russia’s war in Ukraine – wanted his own cyber troops, reporting directly to him.
Since 2011 Vulkan has received special government licenses to work on classified military projects and state secrets. It is a medium-sized technology company with more than 120 employees – about 60 of whom are software developers. It is not known how many private contractors have been granted access to such sensitive projects in Russia, but some estimates suggest there are no more than a dozen.
Vulkan’s corporate culture is more Silicon Valley than spy agency. It has a staff football team and motivational emails with fitness tips and employee birthday celebrations. There’s even an upbeat tagline: “Make the world a better place” featured in a glossy promotional video.
Vulkan says it specializes in “information security.” Officially, its clients are large Russian state-owned companies. They include Sberbank, the country’s largest bank; the national airline, Aeroflot; and Russian Railways. “The work was fun. We used the latest technologies,” said a former employee who eventually left after becoming disillusioned with the job. “People were really smart. And the money was good, well above the usual rate of interest.”
In addition to technical expertise, these generous salaries bought the expectation of discretion. Some of the staff are graduates of Bauman Moscow State Technical University, which has a long history of “offering” recruits to the defense ministry. Workflows are organized around principles of strict operational secrecy, with staff never being told what other departments are working on.
The company’s ethos is patriotic, the leak suggests. On New Year’s Eve 2019, an employee created a lightweight Microsoft Excel file with Soviet military music and a picture of a bear. Next to it were the words: ‘APT Magma Bear’. The words refer to Russian state hacking groups such as Cozy Bear and Fancy Bear, and appear to point to Vulkan’s own shadowy activities.
Source: Skai