Lifting the Veil on Russia's Cyber Warfare Prowess

“The leaked documents expose the vast network underpinning Russia's cyber attacks, the state-sponsored Sandworm hacking group, and links to other cyber criminal organisations.”

The ongoing conflict in Ukraine has cast a spotlight on the capabilities of the Russian state. While Western powers frequently portray Russia as weak, a recent massive leak of over 5,000 documents tells a different story. Dubbed "Putin's Vulkan Files," the documents unveil Russia's significant advancements in cyber warfare and the extensive network that fuels its cyber operations.

Moscow-Based Defence Contractor: NTC Vulkan
At the core of Russia's cyber warfare capabilities lies NTC Vulkan, a defence contractor based in Moscow. The firm specialises in crafting software to execute cyber attacks, collaborating closely with the Russian military. NTC Vulkan is merely one element of the intricate web of hackers, agents, and private entities that comprise the backbone of Russia's cyber power.

The Russian State's Three Main Programmes:
The leaked documents disclose that Russian state security operates three main programmes: Amezi, Scan-V, and Crystal-2V. Amezi and Scan-V are tasked with enabling social media disinformation campaigns and pinpointing targets susceptible to hacking. Crystal-2V, on the other hand, is devoted to high-stakes operations aimed at critical infrastructure of adversaries.

Targets and Geopolitical Objectives:
The leaked documents reveal Russia's primary targets as the United States and Europe. The Russian state identifies and sponsors targets, while NTC Vulkan develops the tools for cyber warfare. The third component of this equation consists of Russia's cyber warriors, the hacking groups responsible for executing the attacks.

The Sandworm Hacking Group:
The Vulkan Files identify a hacking group called Sandworm, a unit of the Russian military designated 74455. Tools crafted by NTC Vulkan have found their way into Sandworm's hands, and the group has been implicated in several high-profile cyber attacks. These include the 2018 Winter Olympics disruption in South Korea, the 2017 NotPetya attack on Ukraine, and power blackouts in Ukraine on at least two occasions. Sandworm is now believed to be actively supporting the Russian invasion.

Links to Other Cyber Criminal Groups:
The Vulkan Files also highlight the known connections between the GRU (Russian Military Intelligence) and other cyber criminal organisations, such as the Conti ransomware group. The Conti group was responsible for the devastating cyber attack on Ireland's Health Service Executive (HSE) in 2021, demonstrating the far-reaching implications of Russia's cyber warfare network.

Implications and Future Developments:
Putin's Vulkan Files underscore the extent of Russia's mastery in cyber warfare, with experts suggesting that Moscow is ramping up its efforts. Instances of cyber attacks are increasing, and Ukraine's European allies are emerging as new targets. These leaked documents emphasise the urgent need for Ukraine and the West to devise countermeasures to safeguard their critical infrastructure and counter Russia's expanding cyber capabilities.

Remember Knowledge is Power! You can learn more about the world of Cyber Warfare, the Global Cyber Threat Landscape and how to defend against the risks through education at the Cyber Risk Academy.

Paul C Dwyer is the ICTTF President, recognised as one of the world's foremost experts on cyber security, risk and privacy.