For years, Russia’s hackers have been among the best in the world. A leak now shows how Putin’s cyber campaigns really work, and against whom they are directed.

At first glance, the company NTC Vulkan is not particularly remarkable. The company, founded in 2010, advises on information security in Russia. But a recent leak from an insider paints a different picture. Vladimir Putin’s most important weapons are hidden behind the walls of the inconspicuous office building: the tools for information warfare.

This is shown by extensive research by several international media houses, such as the “Guardian”, the “Süddeutsche”, the “Spiegel” and the “Washington Post”. They cite an insider who, outraged by the attack on Ukraine, leaked thousands of pages of secret company documents to the media. The leak shows not only how far-reaching Russia’s potential for cyber attacks is, but also how the country uses these weapons.

War abroad and at home

The countless pieces of information were also presented to Western secret services, who rated them as authentic. Some of them prove connections that were already known or suspected, while others reveal new ones. For the first time, they offer a comprehensive look at the way in which Putin’s regime uses information technology to aggressively achieve its goals. Efforts are directed against targets both at home and abroad.

In Russia itself, the government is consistently working to maintain control over the information available to its own citizens. It monitors social networks and uses the data to identify and prevent possible resistance. If push comes to shove, the regime even has the option of redirecting the entire internet traffic in a region to better censor the data. This is said to have already happened on the Russian-occupied Crimean Peninsula.

But Russian hackers are also highly active in other countries. Disinformation campaigns are intended to create insecurity in social media and promote social division. To do this, large numbers of fake profiles and bots are used in social networks. Efforts to create “offensive” software are significantly more dangerous. This enables hackers to target people, companies and the infrastructure of other countries and either damage them or take control of them.

The documents even show concrete targets, as the “Standard” writes. According to the report, a nuclear power plant, the Ukrainian embassy in the country and the Foreign Ministry are marked on a map of Switzerland. Other documents mention airports, train lines and other infrastructure as possible targets.

Suspected

While many of these connections have long been suspected on the basis of circumstantial evidence, the research now clearly proves them for the first time. The documents show that Vulkan works closely with the KGB successor FSB, the military intelligence service GRU and the foreign intelligence service SVR. They “hid” behind the front company, the insider reported.

The documents also link Vulkan directly to known hacker groups and, in some cases, to previously known attack programs. The notorious Sandworm group was already suspected of being close to the Russian secret services. The hackers are not only associated with cyber attacks on the Ukrainian power grid; they are also said to be behind NotPetya. Starting from an attack in Ukraine, the notorious Trojan horse wreaked havoc across Europe. It was initially disguised as an extortion Trojan, but experts quickly concluded that it was a pure destruction campaign. Because the Trojan spread beyond the borders of Ukraine, probably without the attackers intending it, NotPetya is now considered the cyber attack that caused by far the greatest financial damage.

“Extremely Dangerous”

The leaks contain no direct statements about hacker operations in Ukraine during the war. The data is from the years 2016 to 2021. A few days after the invasion, the insider contacted a reporter from the “Süddeutsche Zeitung”, who then spent a year evaluating the material in an international research network. “People should learn about the dangers,” the Guardian quoted the insider as saying. “This company is doing bad things and the Russian government is cowardly and wrong.” He wanted the public to know what was going on behind closed doors.

Although Vulkan has been linked to the Russian intelligence services and hacker groups like Cozy Bear in the past, leaking the evidence could still have serious consequences for the leaker. Such leaks from Russia are very rare, partly because Putin pursues them mercilessly and punishes them draconically. “If the person comes from Russia, they have hopefully left the country by now,” the “Standard” quoted an expert as saying. “What they did is extremely dangerous.”

Sources: Guardian, Standard, Spiegel, Washington Post
