‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics

posted on Mar, 30 2023 @ 02:56 PM
It's been a while since we've had a "Somethings File" whistleblower leak... So, just in time to save us from utter boredom, here it is:

The Vulkan Files (love the Trekkie-style name).

The article is very long, so here are just some juicy parts to whet your appetite [for destruction].

Overview:




- Private Moscow consultancy bolstering Russian cyberwarfare

- Tools support hacking operations and attacks on infrastructure

- Documents linked to notorious Russian hacking group Sandworm

- Russian program aims to control internet and spread disinformation


This investigation has been a cross-media collaboration between:


The Guardian, Washington Post and Le Monde, have investigated the files in a consortium led by Paper Trail Media and Der Spiegel.

Five western intelligence agencies confirmed the Vulkan files appear to be authentic. The company and the Kremlin did not respond to multiple requests for comment.


Source www.theguardian.com...

The Whistleblower: Documents leaked by whistleblower angry over Ukraine war.


The Vulkan files, which date from 2016 to 2021, were leaked by an anonymous whistleblower angered by Russia’s war in Ukraine. Such leaks from Moscow are extremely rare. Days after the invasion in February last year, the source approached the German newspaper Süddeutsche Zeitung and said the GRU and FSB “hide behind” Vulkan.

“People should know the dangers of this,” the whistleblower said. “Because of the events in Ukraine, I decided to make this information public. The company is doing bad things and the Russian government is cowardly and wrong. I am angry about the invasion of Ukraine and the terrible things that are happening there. I hope you can use this information to show what is happening behind closed doors.”


The Contents:


The leak contains emails, internal documents, project plans, budgets and contracts. They offer insight into the Kremlin’s sweeping efforts in the cyber-realm, at a time when it is pursuing a brutal war against Ukraine. It is not known whether the tools built by Vulkan have been used for real-world attacks, in Ukraine or elsewhere.


Spying, hacking, training, disinformation tools, election manipulation and domestic propaganda:


One document links a Vulkan cyber-attack tool with the notorious hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the internet for vulnerabilities, which are then stored for use in future cyber-attacks.

Another system, known as Amezit, amounts to a blueprint for surveilling and controlling the internet in regions under Russia’s command, and also enables disinformation via fake social media profiles. A third Vulkan-built system – Crystal-2V – is a training program for cyber-operatives in the methods required to bring down rail, air and sea infrastructure. A file explaining the software states: “The level of secrecy of processed and stored information in the product is ‘Top Secret’.”


One of Vulkan’s most far-reaching projects was carried out with the blessing of the Kremlin’s most infamous unit of cyberwarriors, known as Sandworm. According to US prosecutors and western governments, over the past decade Sandworm has been responsible for hacking operations on an astonishing scale. It has carried out numerous malign acts: political manipulation, cyber-sabotage, election interference, dumping of emails and leaking.

Sandworm disabled Ukraine’s power grid in 2015. The following year it took part in Russia’s brazen operation to derail the US presidential election. Two of its operatives were indicted for distributing emails stolen from Hillary Clinton’s Democrats using a fake persona, Guccifer 2.0. Then in 2017 Sandworm purloined further data in an attempt to influence the outcome of the French presidential vote, the US says.


The Scan project was commissioned in May 2018 by the Institute of Engineering Physics, a research facility in the Moscow region closely associated with the GRU. All details were classified. It is not clear whether Sandworm was an intended user of the system, but in May 2020 a team from Vulkan visited a military facility in Khimki, the same city on the outskirts of Moscow where the hacking unit is based, to test the Scan system.

“Scan is definitely built for offensive purposes. It fits comfortably into the organisational structure and the strategic approach of the GRU,” one analyst said after reviewing the documents. “You don’t find network diagrams and design documents like this very often. It really is very intricate stuff.”


Another Vulkan-developed project linked to Amezit is far more threatening. Codenamed Crystal-2V, it is a training platform for Russian cyber-operatives. Capable of allowing simultaneous use by up to 30 trainees, it appears to simulate attacks against a range of essential national infrastructure targets: railway lines, electricity stations, airports, waterways, ports and industrial control systems.


One part of Amezit is domestic-facing, allowing operatives to hijack and take control of the internet if unrest breaks out in a Russian region, or the country gains a stronghold over territory in a rival nation state, such as Ukraine. Internet traffic deemed to be politically harmful can be removed before it has a chance to spread.

And finally:


There were enormous risks, too, for the anonymous whistleblower behind the Vulkan files. The Russian regime is known for hunting down those it regards as traitors. In their brief exchange with a German journalist, the leaker said they were aware that giving sensitive information to foreign media was dangerous. But they had taken life-changing precautions. They had left their previous life behind, they said, and now existed “as a ghost”.


The article contains much more information... read it all if you want to go down the Vulkan Files rabbit hole.

/) /)
( ^ ^)🥕

Enjoy


edit on 30/3/2023 by Encia22 because: Added wabbit & extra info.



posted on Mar, 30 2023 @ 04:00 PM
a reply to: Encia22



read it all if you want to go down the Vulkan Files rabbit hole.

I don't! But I do suspect anything the Russians have in the way of cyber warfare is far, far inferior to what the United States has in this regard.

If the United States can't shut down infrastructure via cyber applications, they will just blow it up by conventional means.
edit on 30-3-2023 by Antisocialist because: (no reason given)



posted on Mar, 30 2023 @ 04:07 PM
a reply to: Encia22

Interesting stuff, live long and prosper.



posted on Mar, 30 2023 @ 04:15 PM

originally posted by: Antisocialist
a reply to: Encia22



read it all if you want to go down the Vulkan Files rabbit hole.

I don't! But I do suspect anything the Russians have in the way of cyber warfare is far, far inferior to what the United States has in this regard.

If the United States can't shut down infrastructure via cyber applications, they will just blow it up by conventional means.



One document shows engineers recommending Russia add to its own capabilities by using hacking tools stolen in 2016 from the US National Security Agency and posted online.





posted on Mar, 30 2023 @ 04:17 PM

originally posted by: gortex
a reply to: Encia22

Interesting stuff, live long and prosper.


🍻🖖🏻
edit on 30/3/2023 by Encia22 because: (no reason given)



posted on Mar, 30 2023 @ 04:18 PM
a reply to: Antisocialist



I don't! But I do suspect anything the Russians have in the way of cyber warfare is far, far inferior to what the United States has in this regard.


I wouldn't be so sure; Russians are pretty good coders and program writers.





If the United States can't shut down infrastructure via cyber applications, they will just blow it up by conventional means.


Yes, the U.S. will leave a calling card of some sort,


Iranian nuclear plants are hit by AC/DC virus By Olga Khazan July 25, 2012

Two of Iran’s uranium-enrichment plants were struck by a cyberattack earlier this week that shut down computers and blared AC/DC songs, according to reports from Bloomberg News and others. The band AC/DC performs. (Eckehard Schulz/ASSOCIATED PRESS) “According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our [virtual private network]. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert,” the Iranian scientist wrote.

After shutting down the network, the attackers played the song “Thunderstruck” by the hard rock band AC/DC at maximum volume.
Iranian nuclear plants are hit by AC/DC virus



posted on Mar, 30 2023 @ 04:30 PM
a reply to: Encia22

I saw this, too.

Apparently Russian agents are spreading anti West disinfo on social media and internet sites.

I find this shocking and am perfectly sure that this is not happening here on ATS. Nor would I ever suggest such a thing.

Just to be clear.



posted on Mar, 30 2023 @ 08:19 PM
a reply to: BernnieJGato

Thanks for the extra info on Iran.

I love AC/DC and that's a great song...





posted on Mar, 30 2023 @ 08:29 PM
a reply to: Oldcarpy2

I also doubt places like ATS would be priority targets... we've got a smallish footprint compared to others. We have lots of trolls here, but I don't know how much is a coordinated effort. I'm not even convinced our ATS friend, RussianTroll, was a bona fide plant.

Twitter was mentioned in the article. I wouldn't exclude any other major Social Media platform from their crosshairs.

The leak contains screenshots of fake Twitter accounts and hashtags used by the Russian military from 2014 until earlier this year. They spread disinformation, including a conspiracy theory about Hillary Clinton and a denial that Russia’s bombing of Syria killed civilians. Following the invasion of Ukraine, one Vulkan-linked fake Twitter account posted: “Excellent leader #Putin”.





posted on Mar, 30 2023 @ 08:39 PM
a reply to: Encia22

You're welcome on the Iran info. As to this:



I also doubt places like ATS would be priority targets... we've got a smallish footprint compared to others.


If memory serves, ATS has been the target of several DDoS attacks and has been down for days a couple of times because of them. Don't know if they ever figured out who it was, but apparently the site has given someone the red ass.



posted on Mar, 30 2023 @ 09:12 PM
a reply to: BernnieJGato

That's very interesting! Damn it, I missed those events. I was lurking ATS in the early 2000s and joined in 2016, but I don't remember posts about them. I'm always late to the party...




posted on Mar, 30 2023 @ 11:31 PM
a reply to: Encia22



ATS has been the target of several DDoS attacks


It might be happening again now and has been all day. Reports of people not being able to get on all day here in this thread.


ats site not available



posted on Mar, 31 2023 @ 04:43 AM
a reply to: BernnieJGato

I watched the new Why Files episode and then went to sleep... I missed all the excitement. ATS seems to be working ok now on both phone/PC. But the timing is interesting as I saw it coincided with the Trump indictment news.




edit on 31/3/2023 by Encia22 because: (no reason given)



posted on Mar, 31 2023 @ 11:28 PM
If you believe anything leaked at this time about Putin,
you need to send me your bank info as I will send you $100k


