
Vulkan’s leaked internal documents reveal cyberwar plans

Internal documents from NTC Vulkan, a Russian cybersecurity contractor, have been leaked by a whistleblower. The “Vulkan Files” reveal that the contractor’s engineers work directly for Russian military and intelligence outfits, training state-backed hackers, running disinformation campaigns, and providing support for cyberattacks.

The Vulkan Files indicate that the contractor has particularly close ties with a GRU-affiliated advanced persistent threat group called Sandworm, responsible for attacks on the Ukraine power grid, distribution of the NotPetya malware in 2017, and an attempt to disrupt the 2018 Winter Olympics opening ceremony.

The company is developing cyber attack tools for Sandworm, including a scanner called “Scan-V” meant to continually prowl the internet for vulnerabilities and log them for later use.

Another system called Crystal-2V trains hackers in the methods used to attack critical infrastructure and transportation systems. The documents connected with the Amezit system appear to show servers of interest throughout the United States, along with scattered other locations throughout the world (such as a nuclear power plant in Switzerland). The combination of documents indicates that the Russian cyberwar program sees both social media manipulation and hacking of foreign critical infrastructure as an intertwined mission.

Despite encompassing some 5,000 pages, the Vulkan Files are short on information in certain areas, such as the malware that the government uses, specific targets that it is eyeing in the near future, or “smoking gun” evidence linking Russian APT groups to specific cyberattacks. The documentation is more of a general overview of the Russian cyberwar efforts and what the country’s broad intentions are.

The leaked documents reveal that NTC Vulkan engineers work directly for Russian military and intelligence agencies, training state-backed hackers, running disinformation campaigns, and providing support for cyberattacks. The company purportedly does most of its business with major private companies in Russia but is essentially an extension of the government, according to the Vulkan Files.

The sources for this piece include an article in CPOMAGAZINE.

IT World Canada Staff
