‘Vulkan Files’ Reveal Russia’s Cyberwarfare Techniques

A whistleblower has just unveiled a large database that explains in detail Russian techniques for waging its cyberwar against Ukraine and Western countries.

For years now, Russia has been ramping up cyberattacks against Western institutions and businesses. In recent months, France has been hit several times: in March 2023, for example, three French airports were targeted by hackers linked to the Kremlin, and the website of the National Assembly was attacked just a few days ago.

Given how regular these actions have become, a question arises: how does Russia organize this cyberwar? A Russian whistleblower has just unveiled a gigantic database which explains in detail the methods used by the Russian authorities. In any case, everything starts from a Russian company: Vulkan NTC.

Vulkan NTC, the IT consulting firm repurposed for cyber warfare

Behind its image of an ordinary company specializing in computer security lies, in truth, Russia’s top cyber threat actor. These thousands of secret documents reveal how Vulkan engineers worked for the Russian military and intelligence services such as the FSB, the GRU (the General Directorate of Intelligence of the Armed Forces) and the SVR (external intelligence services). Their tasks are diverse:

  • foment and launch hacking operations
  • train agents
  • spread misinformation
  • control sections of the internet

A source reveals everything on behalf of Ukraine

These 5,299 pages full of confidential information were shared by an anonymous source, motivated to disrupt Russia’s abuses in Ukraine. This whistleblower contacted the German newspaper Süddeutsche Zeitung shortly after the start of the conflict in February 2022.

“Due to events in Ukraine, I have decided to make this information public. The company is doing bad things and the Russian government is cowardly and wrong. I am angry about the invasion of Ukraine and the terrible things that are happening there. I hope you can use this information to show what is happening behind those closed doors,” he declares.

Vulkan helped Sandworm hackers

These documents contain detailed explanations of the methods used by Vulkan. For example, a document establishes a concrete link between the company and the hacker group Sandworm, a collective supposedly attached to the Kremlin. According to the US government, this entity twice caused major power outages in Ukraine, while it also disrupted the smooth running of the Olympic Games in South Korea.

But Sandworm is best known for launching the NotPetya ransomware in 2017. Back then, this malware was used to paralyze several Ukrainian banks and administrations, including the energy supplier of the Kyiv region. The Chernobyl power plant’s radiation control system was also affected.

Russian internet monitoring and training software for hackers

To maximize the effectiveness of its attacks, Vulkan relies on software called Scan-V. Its mission? To search the web for vulnerabilities and security flaws, which are then listed for possible exploitation. Another system, called Amezit, looks like an internet monitoring and control plan for regions under Russian jurisdiction. It is also a misinformation machine, capable of creating fake social media profiles and sharing fake news.

Finally, let’s look at another system, namely Crystal-2V. It takes the form of a training program for cyberattackers. It includes methods for disrupting railway, port and air infrastructure activities. It is further stated that “the level of confidentiality of the information processed and stored in the software is Top Secret”.

For several months now, major media outlets including The Guardian, the Washington Post and Le Monde have come together as part of a consortium (led by the German daily Der Spiegel and the investigation company Paper Trail Media) to go through the “Vulkan Files”. In the meantime, five Western intelligence agencies have confirmed the authenticity of the files shared by the source. Unsurprisingly, both Vulkan NTC and the Kremlin have yet to comment on these revelations.

Source: The Guardian
