Leaked documents from Russian cybersecurity consultancy NTC Vulkan have revealed how the firm’s software engineers have been working with military and intelligence agencies to boost Russia’s cyberwarfare capabilities. The files, which date from 2016 to 2021, detail the development of tools for hacking operations, the training of operatives before attacks on infrastructure, the spread of disinformation, and control over sections of the internet.
The work is linked to the FSB, the GRU, and the SVR. The files were leaked by an anonymous whistleblower angered by Russia’s war in Ukraine.
It is not known whether the tools built by Vulkan have been used in real-world attacks. Five western intelligence agencies have confirmed that the files appear to be authentic.
One tool, known as Scan-V, scours the internet for vulnerabilities, which are then stored for future cyber-attacks. Another, known as Amezit, amounts to a blueprint for surveilling and controlling the internet in regions under Russia’s command, and also enables disinformation via fake social media profiles.
A third tool, Crystal-2V, is a training program for cyber-operatives in the methods required to bring down rail, air, and sea infrastructure. One file states that the “level of secrecy of processed and stored information in the product is ‘Top Secret’.”
The leak includes emails, internal documents, project plans, budgets, and contracts, and provides insight into the Kremlin’s sweeping efforts in the cyber-realm.
Analysts suggest that Russia sees attacks on civilian critical infrastructure and social media manipulation as one and the same mission, which is essentially an attack on the enemy’s will to fight.
The leak also shows engineers recommending that Russia add to its own capabilities by using hacking tools stolen in 2016 from the US National Security Agency and posted online. The Kremlin and Vulkan have not responded to requests for comment.
