Leaked Documents Reveal Russian Cyberwarfare Capabilities with Help from NTC Vulkan

Russian cybersecurity firm NTC Vulkan has been accused of aiding the country’s cyberwarfare capabilities and spreading disinformation online. Thousands of leaked documents from the company reveal its work in supporting hacking operations, training operatives before attacks on national infrastructure, spreading disinformation, and controlling sections of the internet. The company’s work is linked to Russia’s Federal Security Service (FSB), the operational and intelligence divisions of the armed forces, and Russia’s foreign intelligence organizations.

The Amezit System and Cyber Operatives’ Training

One of Vulkan’s projects involved working with Sandworm, a notorious unit of cyberwarriors linked to the Kremlin, to build the ScanV system. The intelligence gathered by ScanV is stored in a data repository giving hackers an automated means of identifying targets.

Moreover, Vulkan played a central role in the creation of the Amezit system, a sweeping program enabling internet control, surveillance, and disinformation that was linked to the Russian military. Vulkan engineers were still working on improving parts of Amezit well into 2021, with plans for further development in 2022.

The Crystal2V system is another project, designed to train cyber-operatives in the methods required for taking down rail, air and sea infrastructure. It was created by NTC Vulkan with alleged links to military unit 33949.

The leaked files show that NTC Vulkan also worked on several projects with military unit 33949, an undercover part of Russia’s foreign intelligence agency, the SVR.

Collaboration between NTC Vulkan and Federal Security Service (FSB)

NTC Vulkan specializes in information security and works with big state-owned Russian companies like Sberbank, Aeroflot and Russian Railways. The company’s staff includes graduates of Bauman Moscow State Technical University, which feeds recruits to the defense ministry.

According to the leaked documents, the company’s work is linked to Russia’s Federal Security Service (FSB), the operational and intelligence divisions of the armed forces, and Russia’s foreign intelligence organizations. The Scan project was commissioned in 2018 by the Institute of Engineering Physics, a research facility closely associated with the GRU.

The Vulnerabilities of Cyberattacks on Civilian Critical Infrastructures

The leaked documents raise questions about Russia’s cyber-capabilities, especially in light of its war against Ukraine. It is not known whether the tools built by Vulkan have been used for real-world attacks in Ukraine or elsewhere. However, engineers from Vulkan recommended that Russia add to its own capabilities by using hacking tools stolen in 2016 from the US National Security Agency and posted online.

The documents offer insight into the Kremlin’s sweeping efforts in the cyber realm at a time when it is pursuing a brutal war against Ukraine. They also include what appear to be illustrative examples of potential targets, including dots across the US and details of a nuclear power station in Switzerland.

Russia views attacks on civilian critical infrastructure and social media manipulation as part of one mission: an attack on the enemy’s will to fight.

Outsourcing Cyberwarfare Capabilities

Corporate documents obtained by The Washington Post reveal that NTC Vulkan aided Russian intelligence agencies with social media disinformation and provided training to remotely disrupt real-world targets. The documents suggest that Moscow outsources an extensive breadth of its work.

An anonymous whistleblower expressed outrage and disapproval of Russia’s invasion of Ukraine, referring to NTC Vulkan as “cowardly and wrong.” Western intelligence officials and cybersecurity experts believe the documents to be authentic.

Russian-backed actors have used disinformation campaigns to demoralize Ukrainians and incite internal unrest. The Russian government has also attempted several destructive cyberattacks against Ukraine, but many have failed or were thwarted with assistance from the US and EU.

The Risks of Returning IT Engineers to Russia

The leaked documents highlight the ongoing risks posed by working with Russian cybersecurity firms, especially given rising geopolitical tensions. There are difficult questions raised about the security risk posed by ex-Vulkan employees, the ethics of employing Russian engineers with a background in information security, and returning IT engineers to Russia given their former employment.

The Soviet-era education model for engineers is still in place after the collapse of the Soviet Union, producing graduates who were expected to behave as technical servants of the state’s military-industrial complex. However, a new generation of engineers was well-versed in western technology, making them enthusiastic recruits for military and security research.

Vulkan’s engineers were well-educated, globally connected, and often frequented IT conferences around the world. The risks posed by returning these individuals to Russia remain a concern for the national security agencies involved.
