June 23, 2024, 1:47

The Daily

Read the World Today

Vulkan Files reveal Russia’s cyberwarfare strategy


A Russian cybersecurity company that counts the Kremlin and its agencies among its clients has been laid bare in a cross-border investigation, after a disgruntled employee leaked thousands of internal documents that give a rare insight into Moscow's modus operandi.

The ‘Vulkan Files’, published on Thursday (30 March), relate to the Russian company NTC Vulkan and shed light on how closely conventional military operations, cyber operations, and psychological warfare intertwine under Moscow’s leadership.

“Thousands of pages of secret documents reveal how the Moscow-based defence contractor NTC Vulkan helped Russian intelligence agencies to strengthen their ability to launch cyberattacks, sow disinformation and surveil the internet. The investigation uncovered NTC Vulkan’s links to ‘Sandworm’ and ‘Cozy Bear’”, writes Paper Trail Media.

The leak reveals evidence of tools used to influence social media discussion, to surveil and spy, to manipulate public opinion, to interfere in elections, and to censor. It also shows the close relationship between the Russian intelligence agencies and the company, whose representatives have been regulars on the speaking circuit on topics such as the fight against digital ‘extremism’.

Background

The leaked files include internal documents and agreements with software manufacturers, and together they amount to a de facto client list: the domestic security service FSB, the foreign intelligence service SVR, the military intelligence service GRU, and GRU unit 74455, the hacker group known as Sandworm, which is likely responsible for the power blackouts in Ukraine and has actively supported the Russian invasion.

The company had previously been linked by Google’s Threat Analysis Group (TAG) to a malware campaign run by the Russian hacker group ‘Cozy Bear’, dating back to 2012.


The details at a glance

The leaked documents describe several tools, including ones for detecting security vulnerabilities and planning attacks against network infrastructure, as well as tools for censorship, disinformation, and surveillance.

1. Scan-V

Scan-V, pursued since 2018, is a reconnaissance tool for the digital interception of adversaries. It collects information about a target, such as its network structure, departments, and employees, so that it can be spied on from a distance. Part of this knowledge is gathered from public sources, including websites that publish security vulnerabilities. As one component of a larger tool, it scans target systems for vulnerabilities so that attacks can be coordinated internally. Every vulnerability found is logged and stored in a database.
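The pipeline described above, inventory of discovered services, correlation against public vulnerability advisories, and a database of every hit, is, stripped of its purpose, the same correlation a defender’s vulnerability management runs against its own network. The following is an added illustration of that correlation, not code from the leaked documents (which the reporting does not reproduce); the inventory, the advisory feed and its identifiers are constructed for the example and are not real data.

```python
"""Reconnaissance correlation of the kind the Scan-V description outlines:
take a service inventory discovered on a target network, match it against a
feed of public vulnerability advisories, and log every hit to a database.
Added illustration; inventory, advisory feed and ids are constructed."""
import sqlite3

# Constructed inventory: (host, port, product, version) as a scanner records it.
INVENTORY = [
    ("10.0.0.5", 22, "openssh", "7.4"),
    ("10.0.0.5", 80, "apache httpd", "2.4.49"),
    ("10.0.0.9", 443, "nginx", "1.25.3"),
    ("10.0.0.12", 8080, "apache httpd", "2.4.51p1"),
]

# Constructed advisory feed: (product, first affected, last affected, hypothetical id).
# The ranges and ids are made up for the example and do not describe real flaws.
ADVISORIES = [
    ("apache httpd", "2.4.49", "2.4.50", "EXAMPLE-ADV-0001"),
    ("openssh", "0", "7.9", "EXAMPLE-ADV-0002"),
]


def parse_version(text):
    """'2.4.51p1' -> (2, 4, 51): leading digits of each dotted component,
    so that versions compare numerically rather than as strings."""
    parts = []
    for comp in text.split("."):
        digits = ""
        for ch in comp:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def match_advisories(inventory, advisories):
    """Return (host, port, product, version, advisory) for every inventory
    entry whose version falls inside an advisory's affected range."""
    findings = []
    for host, port, product, version in inventory:
        v = parse_version(version)
        for adv_product, lo, hi, adv_id in advisories:
            if product == adv_product and parse_version(lo) <= v <= parse_version(hi):
                findings.append((host, port, product, version, adv_id))
    return findings


def store_findings(findings, path=":memory:"):
    """Persist findings; the UNIQUE constraint deduplicates repeated scans."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS findings ("
        "host TEXT, port INTEGER, product TEXT, version TEXT, advisory TEXT,"
        " UNIQUE(host, port, advisory))"
    )
    conn.executemany("INSERT OR IGNORE INTO findings VALUES (?, ?, ?, ?, ?)", findings)
    conn.commit()
    return conn


def hosts_with_findings(conn):
    """Map each host to the number of advisories that apply to it."""
    rows = conn.execute("SELECT host, COUNT(*) FROM findings GROUP BY host ORDER BY host")
    return dict(rows.fetchall())


def run(path=":memory:"):
    conn = store_findings(match_advisories(INVENTORY, ADVISORIES), path)
    return hosts_with_findings(conn)


if __name__ == "__main__":
    print(run())
```

Running `run()` on the constructed data reports only 10.0.0.5, once for each advisory; the newer Apache build on 10.0.0.12 falls outside the affected range. Running a second time against the same database file adds no duplicate rows because of the UNIQUE constraint.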

2. Amezit

The tool Amezit is designed for censorship, surveillance, and disinformation, but also for finding loopholes and security gaps in the software of specific telecom equipment from companies such as Huawei, Juniper, and Cisco. To manipulate network traffic, known websites are imitated and false or altered content is distributed through them.

The international ‘Vulkan Files’ research team identified several hundred Twitter accounts that could be directly or indirectly linked to the documents.

So that these activities cannot be attributed to Russia, even through small details, the instructions call for creating mail accounts at Gmail, Yahoo, and Hotmail, and for paying with cryptocurrency or prepaid credit cards. A subsystem called LPI/Legend goes further and aims to disguise the origin of data by removing its metadata or even deliberately falsifying it.
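What removing or falsifying metadata looks like in practice, and the consistency check a forensic reviewer can run against it, is shown below on a constructed minimal OOXML-style document (a zip container with a `docProps/core.xml` properties part, the layout Office documents use). This is an added example and not code from the Vulkan documents, which the reporting does not quote; the document contents, names and dates are constructed for the example. The point it makes is the caveat a practitioner would raise: rewriting the declared properties is easy, but a tool that does only that leaves the container’s own entry timestamps untouched, and the mismatch is detectable.

```python
"""Document metadata: removing or falsifying the declared origin of an
OOXML-style document, and a consistency audit that catches a careless job.
Added example on a constructed document; not code from the leaked files."""
import io
import re
import zipfile
from datetime import datetime, timedelta

# Minimal core-properties part; the namespace URIs are the standard OOXML ones.
CORE_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<cp:coreProperties'
    ' xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"'
    ' xmlns:dc="http://purl.org/dc/elements/1.1/"'
    ' xmlns:dcterms="http://purl.org/dc/terms/">'
    '<dc:creator>{creator}</dc:creator>'
    '<cp:lastModifiedBy>{modifier}</cp:lastModifiedBy>'
    '<dcterms:created>{created}</dcterms:created>'
    '<dcterms:modified>{modified}</dcterms:modified>'
    '</cp:coreProperties>'
)
ISO = "%Y-%m-%dT%H:%M:%SZ"


def build_doc(creator, modifier, created, modified, entry_time):
    """Constructed sample document: a zip with docProps/core.xml and one content
    part, every entry stamped with entry_time, a (Y, M, D, h, m, s) tuple."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(zipfile.ZipInfo("docProps/core.xml", entry_time),
                   CORE_XML.format(creator=creator, modifier=modifier,
                                   created=created, modified=modified))
        z.writestr(zipfile.ZipInfo("word/document.xml", entry_time), "<w:document/>")
    return buf.getvalue()


def read_core(doc):
    """Extract the four declared properties from docProps/core.xml."""
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        xml = z.read("docProps/core.xml").decode()
    fields = {}
    for key, tag in (("creator", "dc:creator"), ("modifier", "cp:lastModifiedBy"),
                     ("created", "dcterms:created"), ("modified", "dcterms:modified")):
        m = re.search(rf"<{tag}>(.*?)</{tag}>", xml)
        fields[key] = m.group(1) if m else ""
    return fields


def rewrite_core(doc, **changes):
    """The falsification step: rewrite declared properties, copy everything else.
    Deliberately leaves each entry's own zip timestamp alone, as a careless
    tool would; that is what the audit below picks up."""
    fields = read_core(doc)
    fields.update(changes)
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(doc)) as src, zipfile.ZipFile(buf, "w") as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == "docProps/core.xml":
                data = CORE_XML.format(**fields).encode()
            dst.writestr(zipfile.ZipInfo(info.filename, info.date_time), data)
    return buf.getvalue()


def strip_core(doc):
    """The removal step: blank the author fields."""
    return rewrite_core(doc, creator="", modifier="")


def audit(doc):
    """Forensic consistency check; returns a list of findings, empty if consistent."""
    issues = []
    f = read_core(doc)
    if not f["creator"] and not f["modifier"]:
        issues.append("author fields empty")
    created = datetime.strptime(f["created"], ISO)
    modified = datetime.strptime(f["modified"], ISO)
    if created > modified:
        issues.append("created after modified")
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        newest_entry = max(datetime(*i.date_time) for i in z.infolist())
    if newest_entry - modified > timedelta(days=1):
        issues.append("archive entries newer than declared modification time")
    return issues


def demo():
    """Audit a consistent original and a stripped-then-backdated forgery."""
    original = build_doc("analyst", "analyst", "2023-01-10T09:00:00Z",
                         "2023-01-12T09:00:00Z", (2023, 1, 12, 9, 0, 0))
    forged = rewrite_core(strip_core(original), modified="2022-06-01T00:00:00Z")
    return audit(original), audit(forged)


if __name__ == "__main__":
    print(demo())
```

The original document audits clean; the forgery trips all three checks, because the author fields were blanked, the backdated modification time now precedes the creation time, and the zip entries still carry the real January 2023 timestamps. A competent tool would rewrite those too, which is why container timestamps are corroborating evidence rather than proof.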


3. Crystal-2V

Crystal-2V concerns targeted attacks on critical infrastructure, including rail and air traffic, electricity, and water supply. According to the ‘Vulkan Files’, it only ever reached the simulation stage; there is no evidence it was used.

4. Project Fraction

Project Fraction monitors activity critical of the regime inside Russia’s own borders and flags it. Posts on social media, including Facebook and Twitter as well as the Russian networks VKontakte and Odnoklassniki, are evaluated en masse, with machine-learning systems deployed to highlight ‘dangerous’ content.

The European Commission had not reacted to news of the leak at the time of publication, but German Federal Minister of the Interior Nancy Faeser said the priority is to fend off attacks, not to counter-attack.

“The point is not to counter-attack aggressively. However, it is, of course, a case of ensuring we have the powers to detect and stop the attacks. These competencies are needed,” she said.
