The insane scale of the Russian cyberwarfare revealed as the invaders’ IT companies leaked data

Thousands of pages of classified documents detail the work of the company’s engineers for the Russian military and intelligence services. They support hacking operations, train operators before attacks, spread disinformation and control the internet.

What do the documents say?

The company’s work is related to the operational and intelligence units of the armed forces, such as the Federal Security Service (FSB), the GRU, as well as Russia’s foreign intelligence agency SZR. The leak includes emails, internal documents, project plans, budgets, and contracts. They provide insight into the Kremlin’s large-scale efforts in cyberspace.

In one of the documents “Vulkan” is associated with the notorious hacker group Sandworm.According to the US government, it caused two power outages in Ukraine (including 2015), interfered with the Olympics in South Korea, and started a virus. not petia, the most economically destructive malware in history. It’s also behind political manipulation, cyber sabotage, election interference in the US and France, email attacks (such as hacking emails from Democrat Hillary Clinton), and information leaks. Sandworm’s scale of activity is enormous.

• Hackers search the Internet for vulnerabilities stored for later use in future cyber attacks.
• their system “Amesite”It is a scheme to monitor and control the internet in Russia-controlled regions and also provides disinformation through fake profiles on social networks.
• another system, “Crystal-2V”is a training program for the decommissioning of rail, air and marine infrastructure. This program is marked “Top Secret”.
• program “Tara-V” performs automatic discovery of potential targets worldwide.

Some facts point to a link with Russian hacking groups Cozy Bear And Fancy Bear – they can be part of the company. The leaked documents show examples of potential targets. One of them Includes a map with points marked across the United States. The other is the details of a nuclear power plant in Switzerland.. In another document, engineers recommend that Russia develop its own capabilities with the help of hacking tools stolen from the US National Security Agency in 2016 and posted on the Internet.

internet control

since 2018 “Vulkan” begins to use a large-scale program that allows you to control, monitor and misinform the Internet.. This is the same as the “Amesite” mentioned above. A lot of people worked on it, huge funds and a lot of time were invested. The company won the contract to install the system in 2016, but documentation showed the system was still being improved in 2021. “Vulkan” is probably still working with him.

The possibilities of this software are extremely wide. It is explained in at least 387 pages. Some are targeted at the so-called “inland countries”. Presumably this refers to countries that share borders with Russia, including Ukraine. “Amezit” monitors, intercepts and deletes “harmful” traffic; It identifies people viewing pages, sees what they refer to on the Internet, monitors information shared by users, etc.

The files also contain information about an FSB operation to monitor social media use in Russia on a “massive scale” and uses semantic analysis to identify content hostile to the regime. The program helps criminals with this “Faction”. It crawls sites like Facebook, VKontakte or Odnoklassniki, looking for keywords and identifying potential competitors.

Another episode of the “Amezite” program, as the Guardian wrote, automatic internal propaganda tools. Among other things, the set of files contains screenshots showing a number of fake accounts (bots) engaged in this type of propaganda – spreading disinformation, conspiracy theories, arguing in the comments, praising the government and criticizing the opposition and the West, etc.

certificate

Vulkan files are dated 2016-2021. The Guardian writes that behind the leak was an anonymous informant “outraged by Russia’s war in Ukraine”. Such leaks are extremely rare. A few days after the invasion in February 2022, an unidentified person addressed the German newspaper Süddeutsche Zeitung and stated that the GRU and FSB were “hiding behind” the Vulcan company. “People need to be aware of the dangers of this. Because of the events in Ukraine, I decided to release this information. The company is doing bad things and the Russian government is cowardly and unfair. The invasion of Ukraine makes me angry and the terrible things that are happening there. I hope you get this information about what’s going on behind closed doors.” You can use it to show.”the whistleblower’s statement said.