Inside Kremlin's Cyber Arsenal: Unveiling the Secrets of Vulkan Files

Recently, a whistleblower leaked several sensitive documents related to the development of offensive tools by the Moscow-based IT contractor NTC Vulkan. The documents allegedly show how the firm helps develop hacking tools not only for Russian military and intelligence agencies, but also for the Russia-linked APT group Sandworm.

What has been revealed?

Journalists from several renowned international news agencies in Germany, the U.K., Austria, the U.S., Switzerland, and France published a joint report describing the leaked documents as "The Vulkan Files".
  • The leaked documents, dated between 2016 and 2020, describe the requirements of various project contracts signed between NTC Vulkan and the Russian Ministry of Defense. At least one document included a contract with GRU Unit 74455, commonly known as the Sandworm Team.
  • The projects cover the development of tools and a red team hacking platform for several kinds of offensive cyber activity, including IT and OT attacks and cyberespionage.
  • The documents, reportedly analyzed by five intelligence agencies, describe tools of the type used in several global cyber operations, including the blackouts in Ukraine, the NotPetya malware, and the attacks on the Winter Olympics in South Korea.

Additional details about the projects

The leaked documents specifically cover details of three projects, named Scan, Amesit, and Krystal-2B.
  • Scan (or Scan-V) is a comprehensive framework comprising several methods for collecting data (vulnerabilities, configurations, and network details) at large scale. It also includes detailed documentation on how to store and handle such massive data in a structured database.
  • Amesit is a framework for managing and controlling the full information operations lifecycle, with the aim of amplifying the psychological effect on readers. It is used to create content supporting a specific narrative, to establish ways of publishing and promoting that content, and to assess the effectiveness of an operation.
  • Krystal-2B is a training platform for practicing coordinated IO/OT attacks on transportation and utility infrastructure. It is said to be used for both offensive and defensive exercises.

The bottom line

The leaked Vulkan documents indicate that Russian intelligence agencies and their contractors are making continuous efforts to improve the efficiency of their attacks. In addition to supporting coordinated attacks against critical infrastructure, these platforms are built to amplify the psychological impact on the targeted population. All three projects point toward a common set of goals: strategic information confrontation carried out through cyber operations.
Cyware Publisher