The Vulkan Files: Secret trove offers rare look into Russian cyberwar ambitions
Russian intelligence agencies worked with a Moscow-based defense contractor to strengthen their ability to launch cyberattacks, sow disinformation and surveil sections of the internet, according to thousands of pages of confidential corporate documents.
The documents detail a suite of computer programs and databases that would allow Russia’s intelligence agencies and hacking groups to better find vulnerabilities, coordinate attacks and control online activity. The documents suggest the firm was supporting operations including both social media disinformation and training to remotely disrupt real-world targets, such as sea, air and rail control systems.
An anonymous person provided the documents from the contractor, NTC Vulkan, to a German reporter after expressing outrage about Russia’s attack on Ukraine. The leak, an unusual occurrence for Russia’s secretive military industrial complex, demonstrates another unintended consequence of President Vladimir Putin’s decision to take his country to war.
Officials from five Western intelligence agencies and several independent cybersecurity companies said they believe the documents are authentic, after reviewing excerpts at the request of The Washington Post and several partner news organizations.
These officials and experts could not find definitive evidence that the systems have been deployed by Russia or been used in specific cyberattacks, but the documents describe testing and payments for work done by Vulkan for the Russian security services and several associated research institutes. The company has both government and civilian clients.
The trove offers a rare window into the secret corporate dealings of Russia’s military and spy agencies, including work for the notorious government hacking group Sandworm. U.S. officials have accused Sandworm of twice causing power blackouts in Ukraine, disrupting the Opening Ceremonies of the 2018 Winter Olympics and launching NotPetya, the most economically destructive malware in history. [Continue reading…]