Western Media Group Publishes Investigation into Russia's Cyber Capabilities Based on Secret Documents Leak. It concerns NTC Vulkan, a Russian cybersecurity firm that is a contractor for the Russian military and intelligence services.
The journalists examined thousands of pages of documents and found out how, over the years, a group of the best Russian IT engineers cooperated with the Russian army and its intelligence: they carried out hacking operations, trained operatives before attacks on national infrastructures, spread disinformation and controlled certain segments of the Internet.
The information was provided to journalists by a former employee of the company who was outraged by Russia's actions in Ukraine. A few days after the invasion in February last year, the source contacted the German newspaper Süddeutsche Zeitung and said that the GRU and the FSB were behind Vulkan.
“In connection with the events in Ukraine, I decided to publish this information. The company is doing bad things and the Russian government is cowardly and wrong. I'm angry about the invasion of Ukraine and the terrible things that are happening there. I hope you can use this information to show what goes on behind closed doors,” wrote a whistleblower who shared the information with a number of media outlets.
Later, five Western intelligence agencies confirmed the authenticity of the documents. The leaked secret files contain internal documents from 2016-2021: project plans, emails, contracts and budgets. They allow us to understand the scale of Russian cyberattacks against Ukraine and other countries.
Vulkan was launched at a time when Russia was rapidly expanding its cyber capabilities. Traditionally, the FSB took the lead in cyber affairs. In 2012, Putin appointed the ambitious and energetic Sergei Shoigu as Minister of Defense. Shoigu, who is in charge of Russia's war in Ukraine, wanted to have his own cyber troops that would report directly to him.
Since 2011, Vulkan has received special state licenses to work on secret military projects and state secrets. It is a medium-sized technology company with over 120 employees, about 60 of whom are software developers. It is not known how many private contractors have access to such sensitive projects in Russia, but by some estimates there are no more than a dozen.
Vulkan's corporate culture is more like Silicon Valley than a spy agency. The firm has a full-time football team, as well as motivational emails with fitness tips and employee birthday celebrations. There is even a promotional video with an optimistic slogan: "
Officially, Vulkan's field of activity is information security. Its clients include large Russian state-owned companies, in particular Sberbank, the country's largest bank, the national airline Aeroflot and Russian railways.
One of the documents links the Vulkan cyber-attack tool to the notorious Sandworm hacker group. It was this group, according to the US government, that caused power outages in Ukraine twice, disrupted the Olympic Games in South Korea, and launched NotPetya, the most economically disruptive malware in history. NotPetya started operating in Ukraine and rapidly spread around the world. It disabled transport companies, hospitals, postal systems and pharmaceutical manufacturers: the digital attack moved from the virtual to the physical world.
In 2015, Sandworm brought down the power grid of Ukraine. The following year, it participated in the Russian operation to disrupt the US presidential election. Two of its members were accused of distributing emails stolen from Democrat Hillary Clinton. In 2017, Sandworm stole additional data in an attempt to influence the results of the French presidential election.
Another system, known as " It also makes it possible to plant information through fake profiles on social networks.
The question of whether Amezit systems were used on the territory of occupied Ukraine remains open. In 2014, Russia captured the eastern cities of Donetsk and Luhansk. Since last year, it has occupied even more territory and shut down Ukrainian Internet and mobile services in controlled areas. Citizens of Ukraine are forced to connect through Crimean telecom operators, and SIM cards are distributed in filtration camps run by the FSB.
Amezit allows the Russian military to conduct large-scale covert disinformation operations on social networks and the Internet by creating bots, accounts that resemble real people. They have names and stolen personal photos, which are then used for months to create a realistic digital footprint.
The documents provided by the source contain, in particular, screenshots of fake Twitter accounts and hashtags used by the Russian military from 2014 to the beginning of this year. They spread disinformation, including the Hillary Clinton conspiracy theory and the denial that Russian bombing of Syria caused civilian deaths. After the invasion of Ukraine, one fake Twitter account associated with Vulkan wrote: "
The third system created by Vulkan, Crystal-2V, is a program that trains cyber operators in the methods necessary to disable rail, air and maritime infrastructures. The file explaining the software states: "
Some documents contain what are probably illustrative examples of potential targets. One contains a map showing locations throughout the United States. Another contains details of a nuclear power plant in Switzerland.
In one of the documents, the engineers recommend that Russia expand its capabilities with hacking tools stolen in 2016 from the US National Security Agency and published on the Internet.
Since last year’s invasion, Russia has arrested anti-war protesters and passed punitive laws to prevent public criticism of what Putin calls a “special military operation.” The Vulkan files contain documents related to the FSB's operation to monitor social media use in Russia on a gigantic scale, using semantic analysis to detect hostile content.
The firm developed a mass collection program for the FSB called Fraction. It combs sites like Facebook or Odnoklassniki (the Russian equivalent) looking for keywords. The goal is to identify potential oppositionists based on data from open sources.
Vulkan employees regularly visited the FSB information security center in Moscow, the agency's cyber division, to receive advice on the secret program. The building is located next to the FSB headquarters on Lubyanka and a bookstore: that is why the employees of the unit were jokingly nicknamed "
It is afraid of street protests and revolutions like Ukraine, Georgia, Kyrgyzstan and Kazakhstan. Moscow sees internet as crucial weapon to maintain order. At home, Putin eliminated his opponents. Dissidents jailed; critics like Alexei Navalny poisoned and imprisoned.
Prior to the Russian invasion of Ukraine in 2022, Vulkan employees openly traveled to Western Europe attending conferences on IT and cyber security, in particular a meeting in Sweden to exchange experiences with delegates from Western security firms.
Former Vulkan employees live in Germany, Ireland and other EU countries. Some work for global technology corporations. Two are at Amazon Web Services and Siemens. Siemens declined to comment on individual employees, but said it takes such matters very seriously. Amazon says it has implemented 'strict controls' and that protecting customer data is its 'top priority'.
It is not clear whether the former Vulkan engineers who are now in the West constitute a security threat or whether they have attracted the attention of Western counterintelligence services. It would seem that most of them have relatives in Russia, a fact the FSB is known to use to pressure Russian specialists abroad into cooperating.
According to The Guardian, one of the former employees expressed regret that he had helped the Russian military and intelligence services.
“At first I did not understand what my work would be used for. Over time, when I realized this, I realized that I could not continue, and that I did not want to maintain a regime. I was afraid that something would happen to me or I would end up in jail,” he said.
The Russian regime is notorious for hunting down those it considers traitors. In a brief conversation with a German journalist, the man who provided documents for the investigation said he was aware of the danger, but took steps to change his life, leaving the past behind.