In a northeastern suburb of Moscow, behind the walls of a cybersecurity consulting firm, NTC Vulkan engineers help Russia’s intelligence agencies strengthen their hacking operations, launch cyberattacks, sow disinformation, train agents on how to ambush national infrastructure, and monitor sections of the internet, according to The Vulkan Files, an international investigative project based on thousands of confidential corporate documents. The project, run by a consortium led by Paper Trail Media and Der Spiegel, compiles reports from more than 50 journalists from 11 news organizations worldwide, such as The Washington Post and France’s Le Monde.
“Cyberattacks are constantly evolving, so countries must always be evaluating and improving their defenses to stay ahead of potential attackers,” Mario Orellana, a consultant and cybersecurity specialist with IT governance organization ISACA San Salvador, told Diálogo on May 25. “That means strengthening their infrastructure […], investing in security technology, training their personnel, and establishing effective protocols. In addition, countries must share information and coordinate their responses to cyberthreats.”
More than 5,000 pages of documents provide details on the software and databases that Russian intelligence agencies and hacking groups use to accurately identify vulnerabilities, coordinate attacks, and monitor the online activity of their targets around the globe, Argentine news site Infobae reported.
“These documents suggest that Russia sees attacks on civilian critical infrastructure and social media manipulation as one and the same mission, which is essentially an attack on the enemy’s will to fight,” John Hultquist, vice president of intelligence analysis at U.S. cybersecurity firm Mandiant, told The Guardian.
The documents reveal that NTC Vulkan supports operations that include both social media disinformation and training to remotely disrupt real-world targets such as maritime, air, and railway control systems, Infobae added.
The documents, according to The Washington Post, “open a rare window into the secretive world of Russia’s intelligence agencies, including the notorious Sandworm hacking group that twice shut down Ukraine’s power grid, disrupted the 2018 Winter Olympics, and in 2017 launched NotPetya, the most economically destructive cyber-blackmail program.”
“Cyberattacks have a significant impact on people’s lives by generating power outages, disrupting telephone and computer networks, and paralyzing computer systems of cities or entire countries,” Orellana said. “Cyberattacks also result in identity theft and theft of bank accounts and medical records.”
The Vulkan Files also show how the Russian military hired a contractor to build a domestic automated propaganda system, The Guardian reported. This allows the military to develop large-scale covert disinformation operations on social networks and the internet and create accounts with stolen photos, videos, and names. Posing as real people, they manage the profiles for months to create a realistic digital footprint.
Vulkan’s software is also designed to time online activities realistically, The Washington Post reported. “Once created, the fake accounts are used to post information, add friends, send direct messages, upload photos and videos, and click ‘Like’ on others’ posts.”
According to Argentine daily Clarín, Russian intelligence agencies found an experienced ally in NTC Vulkan, as the company specializes in the design of systems and components for rockets, jet engines, drones, navigation equipment, and control systems. It is also involved in several projects for the Russian government and other domestic and international customers.
“The leak also corroborates the view of many strategists: that the Russian government regards offensive cyber capabilities as part of a holistic effort to degrade its enemies,” Matthew Sussex, a fellow at Australian National University’s Center for Strategic and Defence Studies, said in an opinion piece for Australian news site The Conversation. “This includes sowing mistrust via social media, the gathering of kompromat [compromising material] and the ability to target crucial infrastructure.”
NTC Vulkan declined to respond to questions about these findings, publications that took part in this investigation reported. Kremlin officials also stayed mum.